Mac OS X “__MACOSX” ZIP Archive Shell Execution Vulnerability
Posted by deepquest on February 22, 2006 – 4:59 am
A new security flaw has been discovered in OSX, allowing safari to run a trustable attachment in the systement. Check the details for a POC (Proof of Concept).
[url=https://deepquest.code511.com/blog/images/uploads/videos/Mac-TV-Stream.mov.zip]This link[/url] will download an harmless fake movie and will open a terminal and display a small text message.
[b]Vulnerable:[/b] 10.4.5 and previous
[b]Solution:[/b] none at this time, disable open trusted documents.
[b]Credits:[/b] Michael Lehn
Post a reply
You must be logged in to post a comment.