The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Experts Claim Mac Security Flaw Remains

Experts Claim Mac Security Flaw Remains

by , 9:50 AM EST, March 7th, 2006

Some security analysts are claiming that Apple only partially fixed a flaw in Mac OS X that allows applications to run automatically after they are downloaded by Safari, Mail, or iChat. According to ZDNet UK, Apple added a new fail safe called "download validation" to the applications to warn users that downloaded files may be malicious, but does not prevent users from launching applications that are masquerading as something else.

The issue that still remains is commonly referred to as a "trojan horse," or an application that is disguised to seem like a safe file or program, but actually hides a malicious application.

In this case, the problem is that Mac OS X looks to file name extensions for the proper icon to display, but it looks at the file's metadata to determine what to do if the file is opened. This allows someone to create an application that at first glance appears to be something innocent, like a JPEG image, but in reality is a script that executes commands without your knowledge. When the file is downloaded, it remains inactive, but when a user double-clicks it, the hidden application launches.

Although this is an issue, it's not as big a deal as some media outlets are implying. Cybertrust analyst, Kevin Long, commented "It's true that this security update does not translate into Macs that are invulnerable. However, Apple has put some things in place to assist users in detecting questionable files... there's no need to freak out about this."

Apple is aware of the problem with file extensions and metadata, and is actively taking feedback from users, and is looking into the possibility of adding protection for trojan horse-type files at a deeper level in the operating system.

Phil Schiller, Apple's senior vice president of world wide marketing, stated "We always try to make this better and stronger."

Recent TMO Headlines - Updated May 18th

Wed, 1:25 PM
Apple Executive Ian Goodfellow Leaves Company to Rejoin Google
Wed, 1:16 PM
Quanta Considering Relocation of MacBook Pro Factory to Increase Production
Tue, 4:40 PM
Star Wars Future Unveiled by Disney
Tue, 4:18 PM
Apple Facing Lawsuit Claims AirPods Ruptured Child's Eardrum after Amber Alert
Tue, 3:39 PM
Apple Delays Stricter In-Person Work Requirements Citing Rising COVID-19 Cases
Tue, 2:37 PM
Customize Your CarPlay Apps the Way You Want Them
Tue, 2:28 PM
247 Catcher for Pokémon Go Helps Users Catch 'em All
Tue, 1:50 PM
Civil Liberties Group Warns of Global Privacy Breach, Google Largest Offender
Tue, 1:33 PM
Apple Previews New Accessibility Features Coming In 2022, Including Door Detection
Tue, 10:36 AM
Apple Explores Ways to Improve iPhone Sensor Accuracy and Water Resistance Simultaneously
Tue, 9:45 AM
Apple Developers Will Soon Be Able to Offer Auto-Renewable Subscription Price Increase
Tue, 9:37 AM
Apple Rolls Out Communication Safety in Messages to the UK and Other Countries
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Daily Observations
  • TMO on Twitter!