Wednesday, February 22, 2006

Apple Safari Browser Vulnerability Reported

A critical vulnerability has been reported in the Safari browser shipped with Mac OS X, which could allow an attacker to automatically run scripts when a user visited a malicious website.

The flaw affects how MAC OS X determines which program must run to open certain types of files. If a Unix shell script is renamed with a Safari extension, it is considered 'safe'.

If the '#!' sequence is omitted and it is compressed in ZIP, Safari can be tricked into downloading the script, decompressing it and assuming that it 'safe', then passing it to the Mac OS X Terminal application to run.

This could allow an attacker to use ascript to delete data or programs, damage the configuration or obtain personal user information. Apple is working on an update that resolves this problem, known as a 'zero day exploit'.

In the meantime, Safari users can disable the option"Open 'safe' files after downloading" in the General panel in the browser preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but enabled by default in old systems or in systems that have upgraded to Mac OS X 10.4.5.