Envying
Posted November 21, 2007

Leopard quarantine bug discovered

A flaw has surfaced in Apple's Leopard quarantine system that allows unsuspecting Mac users to open specially crafted files that run with nearly any application. The quarantine system included in the latest revision of Mac OS X is designed to alert users when they attempt to open applications or disk images that arrive via Mail, Safari, or iChat. However the safety measure fails to issue a proper warning when Mail attachments posing as pictures arrive containing a resource fork which instructs the Mac to open the file using a specific application.

A proof of concept exploit created by heiss Security -- the firm that discovered the bug -- demonstrates the flaw by printing some harmless text in a terminal window after the user clicks on an image received via email, noting that the shell script could just as easily contain commands to delete all of a user's files.

Intego's sample file using Apple's Mail program appears as an attachment with a JPEG icon that will open in Preview when double clicked, but attempting to view the file with Quick Look reveals the truth about the masked shell script. Users receiving such a file might click the attachment to view the contents, trusting Apple's quarantine security measure to warn them about any unwanted applications received by email or other means.

"Until this bug is corrected in Mac OS X 10.5, Mac users are at risk of receiving maliciously crafted files, pretending to be image files, which could delete all of a user's files, or may contain Trojan horses," Intego said. "It is important that users do not open attachments from unknown senders, especially those that come with spam messages."

~pcwiz
Posted November 22, 2007

That's a scary bug. But now with the EFI + vanilla kernel and all, it's easier for us to install the updates and correct the bugs.

Lostgame
Posted November 23, 2007

I remember when everyone was saying that Apple would make it more difficult to run Leopard on a beige box...must be a load of bullshit, I guess.

glassJAw
Posted November 23, 2007

Well it was, until EFI was cracked.

bwhsh8r
Posted November 23, 2007

woohoo HA BE SMUG NOW Apple fanboys =] Apple will probably patch this soon, but I'm gonna get my 2min of smugness.... lol but in all reality I'm quite sure it'll be patched in a jiffy

Soündless
Posted November 24, 2007

I don't expect this to be a problem for very long. Apple best fix these security glitches soon. Why don't they just put in the one from Tiger? It worked much better.