Subscribe via feed.

Mac OS X “__MACOSX” ZIP Archive Shell Execution Vulnerability

Posted by deepquest on February 22, 2006 – 4:59 am

A new security flaw has been discovered in OSX, allowing safari to run a trustable attachment in the systement. Check the details for a POC (Proof of Concept).

[url=http://deepquest.code511.com/blog/images/uploads/videos/Mac-TV-Stream.mov.zip]This link[/url] will download an harmless fake movie and will open a terminal and display a small text message.

[b]Vulnerable:[/b] 10.4.5 and previous
[b]Solution:[/b] none at this time, disable open trusted documents.
[b]Credits:[/b] Michael Lehn


This post is under “Apple” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.