Content

More Mac headaches surface

On the heels of last week's discovery of the first two worms designed to infect Mac OS X platforms, a new vulnerability surfaced today.

Rated "extremely critical" by Secunia, the vulnerability is caused by an error in the processing of file association meta data in ZIP archives. Mac users can be tricked into executing a malicious shell script renamed to be a safe file stored in a ZIP archive.

The vulnerability - broken on a German website - also automatically can be exploited if a person using the Safari browser visits a malicious website.

Secunia suggests users only open ZIP files originating from a trusted source and to disable the "open safe files after downloading" option in Safari.

Kevin Long, a security analyst with Cybertrust, said today that his firm has been warning customers about the vulnerability since last summer.

"We told our customers to uncheck that box," he said. "It's a bad default setting. It's really not a big deal for the user. The file goes to your desktop and you have to go to your desktop and double click on it."

Meanwhile, F-Secure said today that it received samples of two worms, OSX/Inqtana.B and OSX/Inqtana.C.

The malware samples are variants of the OSX/Inqtana.A worm, a proof-of-concept bug for version 10.4 discovered last week, which spreads from one infected system to another by using Bluetooth OBEX Push vulnerability. The Bluetooth technology allows Macs to commuicate with each over close distances.

Shane Coursen, a senior technical consultant with Kaspersky Lab, said he is not surprised the variants have popped up in the wake of the first worm.

"There are going to be copycats," he said.

All three variants are not considered threats because they are time senstive - set to expire Feb. 24 - so they will not have a chance to replicate in the wild.

But F-Secure warned users today to be mindful of attacks with more destructive payloads.

"It is possible that some virus author will create similar worms that are not intentionally limited, so please make sure that your OS X is up to date," the company said.

An Apple spokesperson could not be reached for comment.

Mac users should not take for granted their system's long-standing tradition of security, experts said.

"Every operating system in the world that exists is vulnerable in some fashion," Coursen said. "All precautions should be taken to secure the operating system by the end user, more so than what they receive when they first open the box with their computer in it."

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.