Author: Keith
Warning! Apple Mac OS X Safari Command Execution Vulnerability
Monday, February 27th, 2006 @ 3:39 pm
A vulnerability was recently discovered in Mac OS X and Safari that can be exploited to severely compromise a user’s system. This vulnerability has been rated as extremely critical. Details can be found in the following US-CERT Vulnerability Note.
VU#999708 - Apple Safari may automatically execute arbitrary shell commands
Since Apple Computer has not yet provided any security patches for this vulnerability, you are advised to take the following measures until patches are available.
Disable the Safari option “Open ‘safe’ files after downloading” as specified in “Securing Your Web Browser”.
Move the “Terminal” application from its default location, /Applications/Utilities/Terminal, to another directory, such as /Application_restricted/Utilities/Terminal.
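
To confirm that both measures are in place on a host, here is a small audit script, added as an example and not part of the original post. It assumes the Safari option is stored as the boolean preference AutoOpenSafeDownloads in the com.apple.Safari domain and that Terminal is the bundle Terminal.app; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the two interim mitigations listed above.
# Assumptions (not from the original post): the Safari option is the boolean
# preference AutoOpenSafeDownloads in the com.apple.Safari domain, and
# Terminal is the bundle Terminal.app. Function names are hypothetical.

# Map the raw preference value to a state. An unset or unreadable key is
# treated as enabled, the conservative reading for an audit.
autoopen_state() {
    case "$1" in
        0|false|NO) echo disabled ;;
        *)          echo enabled ;;
    esac
}

# Report whether Terminal is still at the default path under root "$1".
terminal_state() {
    if [ -e "$1/Applications/Utilities/Terminal.app" ]; then
        echo default-location
    else
        echo moved
    fi
}

# Check both mitigations; return 0 only when both are in place.
# "$1" is an optional filesystem root (empty means the live system).
audit_mitigations() {
    root="${1:-}"
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    a=$(autoopen_state "$raw")
    t=$(terminal_state "$root")
    echo "Safari open-safe-files: $a"
    echo "Terminal: $t"
    [ "$a" = disabled ] && [ "$t" = moved ]
}

# Run the audit against the live system when invoked as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_mitigations ""
fi
```

The script exits non-zero if either measure is missing, so it can be run across managed Macs to find hosts that still need the workaround.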




