“A serious flaw in Mac OS X could be a conduit for attackers to install malicious code on computers running the Apple Computer software, experts warned Tuesday,” Joris Evers reports for CNET News. “Visiting a malicious Web site using Apple’s Safari Web browser could result in a rootkit, a back door or other malicious software being installed on the computer without the user noticing anything, experts said. ‘This could be really bad,’ the SANS Internet Storm Center, which tracks network threats, said Tuesday. ‘Attackers can run shell scripts on your computer remotely just by visiting a malicious Web site.'”
“Apple is developing a patch for the flaw, a company representative told CNET News.com. ‘We’re working on a fix so that this doesn’t become something that could affect customers,’ the representative said, but could not give a delivery date for the update,” Evers reports.
Full article here.
MacDailyNews Note: Apple’s Mail is also affected. Please see related articles below. For now, move your Terminal application from /Applications/Utilities into a different folder until Apple’s fix is ready. As usual, only accept and open files from vendors and Web sites that you know and trust.
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Related MacDailyNews articles:
Safari web browser auto executes shell scripts; disable ‘Open ‘safe’ files after downloading’ option – February 21, 2006
Warning: Like Safari, Apple’s Mail also auto executes shell scripts – February 21, 2006