
Automatic Execution on Apple Safari Browser

  • Posted: February 21, 2006
  • Threat category: Uncategorized
  • Author: Virus analyst

An article has been published describing a flaw in the Apple Safari browser running on OS X. The flaw is said to cause immediate execution of files when a user merely visits a website.



The browser option “Open ‘safe’ files after downloading” (activated by default) causes the browser to automatically execute “safe” files such as ZIP archives. However, a shell script with no “shebang line” such as “#!/bin/bash” will be executed without user interaction. Read the article here for the full story.



For now it is highly recommended to disable the option “Open ‘safe’ files after downloading” until an update that fixes the flaw is made available.




Update(JJ, 21 February 2006 18:20:49)



Updates from ISC.



This actually looks more serious than we initially thought. The workaround specified above will prevent Safari from automatically executing the PoC file, but it looks like your machine is still vulnerable and it doesn’t need Safari to run this file at all.



Update(JJ, 23 February 2006 20:30:27)



More updates from ISC!



…the Mail application is vulnerable as well. What’s even worse, the attacker doesn’t need to send a ZIP archive; the shell script itself can be disguised to practically anything.

Here’s the link again: http://isc.sans.org/diary.php?storyid=1138
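
As an added example (not from the original article or from ISC): because the script described above carries no shebang line, a check that only looks for `#!` would miss it. This sketch instead flags files whose extension claims a “safe” type but whose leading bytes do not match that type; the extension table, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed "safe" types and their magic bytes (illustrative; not Safari's own list).
MAGIC = {
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}

def check_file(path):
    """Return None if the file matches its extension (or is not in MAGIC), else a reason."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(512)
    if head.startswith(MAGIC[ext]):
        return None
    if b"\x00" in head:                      # NUL bytes: binary of some other type
        return "binary, wrong type"
    return "text, shebang" if head.startswith(b"#!") else "text, no shebang"

def scan(directory):
    """Map each mismatching file name under directory to its reason."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            reason = check_file(os.path.join(root, name))
            if reason:
                findings[name] = reason
    return findings

def demo():
    """Scan a temp directory of constructed sample files."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # genuine JPEG header
        "holiday.jpg": b"echo constructed sample\n",     # script text, no shebang
        "archive.zip": b"#!/bin/bash\necho sample\n",    # script text with shebang
        "notes.txt": b"plain notes\n",                   # extension not in MAGIC
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)
```

Call `scan()` on a downloads or mail-attachment directory; `demo()` runs it over the constructed samples.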
