Experts Claim Mac Security Flaw Remains
March 6th, 2006 at 2:00 PM - News by Jeff Gamet
Some security analysts are claiming that Apple only partially fixed a flaw in Mac OS X that allows applications to run automatically after they are downloaded by Safari, Mail, or iChat. According to ZDNet UK, Apple added a new fail safe called "download validation" to the applications to warn users that downloaded files may be malicious, but does not prevent users from launching applications that are masquerading as something else.
The issue that still remains is commonly referred to as a "trojan horse," or an application that is disguised to seem like a safe file or program, but actually hides a malicious application.
In this case, the problem is that Mac OS X looks to file name extensions for the proper icon to display, but it looks at the fileis metadata to determine what to do if the file is opened. This allows someone to create an application that at first glance appears to be something innocent, like a JPEG image, but in reality is a script that executes commands without your knowledge. When the file is downloaded, it remains inactive, but when a user double-clicks it, the hidden application launches.
Although this is an issue, itis not as big a deal as some media outlets are implying. Cybertrust analyst, Kevin Long, commented "Itis true that this security update does not translate into Macs that are invulnerable. However, Apple has put some things in place to assist users in detecting questionable files... thereis no need to freak out about this."
Apple is aware of the problem with file extensions and metadata, and is actively taking feedback from users, and is looking into the possibility of adding protection for trojan horse-type files at a deeper level in the operating system.
Phil Schiller, Appleis senior vice president of world wide marketing, stated "We always try to make this better and stronger."
Recent Headlines - Updated February 10th
- Tue, 9:09 PM
- Games - Gameloft’s GT Racing Motor Academy Arrives at App Store
- 6:27 PM
- iPad - Apple Job Posting Hints at a Camera in Future iPads
- 6:22 PM
- Product News - Apple Releases Digital Camera RAW Compatibility Update 3.0
- 6:18 PM
- Product News - Apple Updates iLife ‘09 with Aperture 3 Support, Slideshow Performance
- 4:53 PM
- News - Google Introduces “Buzz” Social Information Sharing Service
- 4:19 PM
- Just a Thought - iPad: A Reason For Being
- 3:28 PM
- News - Google Lowers Nexus One “Equipment Recovery Fee” to $150
- 2:27 PM
- Deal Brothers - Refurbished 13” MacBook 2.13GHz Intel Core 2 Duo: $749
- 1:31 PM
- Jeff Gamet's Blog - Macworld Expo: It’s Our Show, Not Apple’s
- 10:38 AM
- Quick Look Review - Texas Tea for the iPhone and iPod touch
- 10:25 AM
- News - Apple Rolls Out Aperture 3 Video Tutorials
- 10:00 AM
- Hot Forum Topic - Backing Up Your iPhoto Library
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8GB Kit $275.99, Mac Pro 4GB Kits $145.99! Sale on MacBook and MacBook Pro 8GB kits $459.99! MacBook, MacBook Pro, iMac Mac mini 4GB Kits for $113.99! 1TB SATA Hard Drives for $109.99! Click here- If you own a car, you need CarMD! Catch problems, estimate repairs and more. Now for Mac. $98.99 at www.CarMD.com Save $10 with code TMO1.
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
J&R ComputerWorld’s Weekend Sale - Sitewide Unbelievable Deals
Refurbished 13” MacBook Air 1.86GHz Intel Core 2 Duo: $1249.00 Delivered
Refurbished iMac 24-inch 2.93GHz Intel Core 2 Duo: $1279.00 Delivered
