Mac OS X Safari Web Browser Remote Code Execution > Forums

Unanswered

Active Topics

Forums

Forums > Viruswarning Forum > Viruswarning archive

Subject: Mac OS X Safari Web Browser Remote Code Execution

Email me when someone replies to this thread.

You are not authorized to post a reply.

Author

Messages

David Gray
Posts:22

02/23/2006 2:04 AM
What Is It? An error in the way the Safari Web browser distinguishes safe from unsafe files could permit a remote user to execute arbitrary code on your Mac. This means that a malicious person can do anything on your computer that you could do. Specifically, in its default configuration, the browser may execute shell scripts hosted on a specially constructed Web page. Shell scripts can do anything that you can do at a shell prompt. A shell prompt is the most primitive, and powerful, interface on your computer. Even if you don't know what a shell prompt is, a shell script can run as if you did, because it essentially creates its own, on the fly, then discards it when it is done. What Should You Do? Unless you run the Mac OS X operating system, also known as "Panther," there is nothing to do. However, if you have a recent Apple Macintosh that runs OS X, you also have the Safari Web browser. Although Apple has not yet released a patch, there is a simple workaround, which is probably good practice anyway. Here are the steps. Open the Safari Web browser On the Safari menu, which is immediately to the right of the Apple icon, choose Preferences. In the middle of the dialog box is an item marked "Save downloaded files to." Select a folder such as "My Downloads." Just below the folder name is a check box marked "Open 'Safe' files after downloading." Clear the check mar Apple will probably eventually update the browser to fix this problem. However, we believe that downloading files without opening them is always the safest thing to do, partly because files are more thoroughly scanned by most virus scanners when you download them. At http://www.us-cert.gov/reading_room/securing_browser/#sgeneral, US-CERT has detailed instructions, with pictures, that illustrate how to change this and other settings in the Safari browser. Now would be a good time to use this page as a guide and review the settings on your copy of Safari. References http://www.us-cert.gov/reading_room/securing_browser/#sgeneral contains illustrated instructions for securing the Safari Web browser. http://www.us-cert.gov/cas/alerts/SA06-053A.html is US-CERT Cyber Security Alert SA06-053A, Apple Mac OS X Safari Command Execution Vulnerability. http://www.us-cert.gov/cas/techalerts/TA06-053A.html is Technical Cyber Security Alert TA06-053A, Apple Mac OS X Safari Command Execution Vulnerability. This is the technical version of the previous reference. http://www.kb.cert.org/vuls/id/999708 is US-CERT Vulnerability Note VU#999708, which gives the technical details of the vulnerability. This concludes this VirusWarning bulletin.

David Gray
Posts:22

03/04/2006 2:59 PM
What Is It? Apple Computer, Inc. has released Security Update 2006-001 to correct numerous security issues in the Safari Web browser, mail client, OS X, version 10.3.9, and OS X Server, version 10.4.5, and various other applications that are commonly installed with the operating system. Among other things, this update addresses the problem that we first discussed in VirusWarn bulletin, "Mac OS X Safari Web Browser Remote Code Execution," at http://www.leedrake.com/forum/topic.asp?TOPIC_ID=982. What Should You Do? Follow the step by step directions given at http://docs.info.apple.com/article.html?artnum=106704 to update your browser and system software. The security update should appear as a single package that covers all the items discussed in the bulletin. If you have not already done so, we suggest you follow the directions under the Scheduling an Update heading to be sure that your system checks regularly for critical updates. By default, the system does so, but it is a good idea to check periodically, in case the settings are accidentally changed. References http://docs.info.apple.com/article.html?artnum=106704 contains step by step instructions for updating your Apple Web browser and system software. http://docs.info.apple.com/article.html?artnum=303382 is the Apple summary of issues addressed in Security Update 2006-001. http://www.apple.com/support/downloads/ is the general Apple Downloads index page. As of this writing, the security update is the second item on this page. http://www.leedrake.com/forum/topic.asp?TOPIC_ID=982 is in VirusWarn bulletin, "Mac OS X Safari Web Browser Remote Code Execution." http://www.us-cert.gov/cas/alerts/SA06-062A.html is Cyber Security Alert SA06-062A, "Apple Mac Products are Affected by Multiple Vulnerabilities." http://www.us-cert.gov/cas/techalerts/TA06-062A.html is Technical Cyber Security Alert TA06-062A, "Apple Mac Products are Affected by Multiple Vulnerabilities," which is the technical version of the above reference. This concludes this VirusWarning bulletin.

You are not authorized to post a reply.

Forums > Viruswarning Forum > Viruswarning archive > Mac OS X Safari Web Browser Remote Code Execution

ActiveForums 3.6