More Mac headaches surface

On the heels of last week's discovery of the first two worms designed to infect Mac OS X platforms, a new vulnerability surfaced today.

Rated "extremely critical" by Secunia, the vulnerability is caused by an error in the processing of file association meta data in ZIP archives. Mac users can be tricked into executing a malicious shell script renamed to be a safe file stored in a ZIP archive.

The vulnerability - broken on a German website - also automatically can be exploited if a person using the Safari browser visits a malicious website.

Secunia suggests users only open ZIP files originating from a trusted source and to disable the "open safe files after downloading" option in Safari.

Kevin Long, a security analyst with Cybertrust, said today that his firm has been warning customers about the vulnerability since last summer.

"We told our customers to uncheck that box," he said. "It's a bad default setting. It's really not a big deal for the user. The file goes to your desktop and you have to go to your desktop and double click on it."

Meanwhile, F-Secure said today that it received samples of two worms, OSX/Inqtana.B and OSX/Inqtana.C.

The malware samples are variants of the OSX/Inqtana.A worm, a proof-of-concept bug for version 10.4 discovered last week, which spreads from one infected system to another by using Bluetooth OBEX Push vulnerability. The Bluetooth technology allows Macs to commuicate with each over close distances.

Shane Coursen, a senior technical consultant with Kaspersky Lab, said he is not surprised the variants have popped up in the wake of the first worm.

"There are going to be copycats," he said.

All three variants are not considered threats because they are time senstive - set to expire Feb. 24 - so they will not have a chance to replicate in the wild.

But F-Secure warned users today to be mindful of attacks with more destructive payloads.

"It is possible that some virus author will create similar worms that are not intentionally limited, so please make sure that your OS X is up to date," the company said.

An Apple spokesperson could not be reached for comment.

Mac users should not take for granted their system's long-standing tradition of security, experts said.

"Every operating system in the world that exists is vulnerable in some fashion," Coursen said. "All precautions should be taken to secure the operating system by the end user, more so than what they receive when they first open the box with their computer in it."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.