[escepticos] **URGENT** Hole in MacOS X
Hello:
A hole has just been discovered in Safari that could be dangerous
(see http://secunia.com/advisories/18963/ or read below).
In short, we have to get used to following security rules, as
suggested by the comments at
<http://www.faq-mac.com/mt/archives/016080.php>, where this hole is
also discussed. For example, routinely working with an
unprivileged account, not trusting even your own father, etc.
Regards
Copied from http://secunia.com/advisories/18963/
-----------------------------------------------
"Michael Lehn has discovered a vulnerability in Mac OS X, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of file
association meta data in ZIP archives (stored in the "__MACOSX"
folder) and mail messages (defined via the AppleDouble MIME format).
This can be exploited to trick users into executing a malicious shell
script renamed to a safe file extension stored in a ZIP archive or in
a mail attachment.
This can also be exploited automatically via the Safari browser when
visiting a malicious web site.
Secunia has constructed a test, which can be used to check if your
system is affected by this issue:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/
The vulnerability has been confirmed on a fully patched system with
Safari 2.0.3 (417.8), Mail 2.0.5 (746/746.2), and Mac OS X 10.4.5.
Solution:
Do not open files in archives or mail attachments originating from
untrusted sources.
The vulnerability can be mitigated by disabling the "Open safe files
after downloading" option in Safari."
--
------------------------
Mail Address: Xan Cainzos
Dpto. Analise Matematica - Facultade de Matematicas
Universidade de Santiago de Compostela
15782 Santiago de Compostela
SPAIN
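
A defensive check for the condition the advisory describes, a shell script stored under a safe-looking extension alongside `__MACOSX` metadata, as an added example that is not part of the original message or of Secunia's advisory. The function names, the extension list and the sample archive are constructed for illustration; the `__MACOSX/._name` layout and the AppleDouble magic number are assumed from how Mac OS X builds ZIP archives, not stated in the advisory.

```python
import io
import posixpath
import struct
import zipfile

APPLEDOUBLE_MAGIC = 0x00051607  # first four bytes of an AppleDouble file
# Assumed list of extensions a user would treat as harmless documents or media.
SAFE_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}

def companion_name(member):
    """Path where a Mac-created ZIP stores the AppleDouble metadata for member."""
    head, tail = posixpath.split(member)
    return posixpath.join("__MACOSX", head, "._" + tail)

def suspicious_members(zip_bytes):
    """Return (name, reason) for entries that are scripts named like documents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue  # metadata entries and directories are not payloads
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(info) as fh:
                is_script = fh.read(2) == b"#!"  # shebang: run by an interpreter
            if ext not in SAFE_LOOKING or not is_script:
                continue
            reason = "script content under safe-looking extension"
            meta = companion_name(name)
            if meta in names:
                with zf.open(meta) as fh:
                    magic = fh.read(4)
                if magic == struct.pack(">I", APPLEDOUBLE_MAGIC):
                    reason += " with AppleDouble metadata in __MACOSX"
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed test archive: header-only AppleDouble stub, no real metadata."""
    stub = struct.pack(">II", APPLEDOUBLE_MAGIC, 0x00020000) + b"\x00" * 18
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/holiday.jpg", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/photos/._holiday.jpg", stub)
        zf.writestr("photos/real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    print(suspicious_members(build_sample()))
```

To scan a downloaded archive before opening it, pass its bytes to `suspicious_members`, for example `suspicious_members(open(path, "rb").read())`.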