An article had been published describing a flaw in Apple Safari Browser running on OS X. The flaw is said to cause immediate execution of files by just visiting a website.
An option in the browser “open ‘safe’ files after downloading” (activated by default), causes the browser to automatically execute safe files like zip. However a shellscript with no “shebang line” such as “#!/bin/bash” will be executed without user interaction. Read the article here for the full story.
For now it is highly recommended to disable the option “Open ‘safe’ files after downloading” until an update that fixes the flaw is made available.
Update(JJ, 21 February 2006 18:20:49)
Updates from ISC.
This actually looks more serious then we initially thought it is. The workaround specified above will prevent Safari from automatically executing the PoC file, but it looks like your machine is still vulnerable and it doesn’t need Safari to run this file at all.
Update(JJ, 23 February 2006 20:30:27)
More updates from ISC!
…the Mail application is vulnerable as well. What’s even worse, the attacker doesn’t need to send a ZIP archive; the shell script itself can be disguised to practically anything.
Here’s the link again: http://isc.sans.org/diary.php?storyid=1138
