Leopard Mail May Include Tiger Security Flaw || The Mac Observer

Skip navigational links

Choose text size:

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Leopard Mail May Include Tiger Security Flaw

Leopard Mail May Include Tiger Security Flaw

by , 9:40 AM EST, November 21st, 2007

Heise Security says Apple's Mail application in Mac OS X 10.5 may include a security flaw that the company previously patched in Mac OS X 10.4. The flaw could allow an attacker to trick Mail users into running an application by disguising it as a JPEG email attachment.

Apple patched the flaw in Tiger's Mail application in March 2006, but somehow it seems the same security hole was reintroduced when Leopard shipped at the end of October.

The security company has developed a demonstration showing the flaw. The demonstration emails a harmless attachment that launches the Terminal application and displays the contents of the current directory.

This potential security flaw appears to impact Leopard users only. Tiger users with current updates installed are not impacted.

Recent TMO Headlines - Updated August 9th

Tue, 3:05 PM: Apple Releases 5th Developer Betas of iOS 16, iPadOS 16, watchOS9, macOS Ventura, More [U: 3rd Public Betas, Too]
Tue, 2:54 PM: Google Puts More Pressure on Apple to Adopt RCS with ‘Get the Message’ Campaign
Tue, 2:37 PM: Despite Keeping Things Private, Apple TV+ Continues to Show Dominance
Tue, 1:34 PM: Apple Partners with Kim Kardashian for Beats Fit Pro in Neutral Colors
Tue, 1:34 PM: Apple Brings Battery Percentage Back in iOS 16 beta 5: Who Gets it and Who Doesn't
Tue, 12:51 PM: Snapchat Brings Parental Controls Through New 'Family Center' Feature
Tue, 11:46 AM: Apple Pay Now Available in Malaysia in Partnership in MayBank, AmBank and Standard Chartered Bank
Tue, 11:26 AM: South Korea to Investigate Whether Apple and Other App Store Operators Violate In-App Payment Law
Mon, 4:42 PM: Apple Could Bring Back the High-End HomePod and Then Some
Mon, 4:33 PM: How to Choose the Right Gear to Connect Your Guitar to GarageBand (Mac/iPhone/iPad)
Mon, 3:37 PM: Email to Reset Slack Password Is the Real Deal
Mon, 2:44 PM: Apple Searching for Gold and Treasure in New Original Podcast 'Missed Fortune'

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.