December 4, 2008 in Security by Vincent King
… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” The impact is severe: an attacker who gets a Safari user to load a malicious page can run arbitrary shell commands on that user's machine, with no download prompt, no click and no warning.
Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html
The problem is caused by a feature that is enabled by default: “Open ‘safe’ files after downloading”. Safari treats zip archives as safe, so a downloaded archive is unpacked and its contents opened automatically. If the archive contains a shell script that has no #! line at its start, that script is then executed automatically, again with no user interaction. Until a fix is available, the practical mitigation is to turn this preference off (Safari > Preferences > General) and, in general, not to let the browser open downloads on its own.
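The check a practitioner will want is whether the preference that makes this attack work is still on. The script below is an added example, not code from the original post or from the proof of concept; it assumes the preference is stored under the defaults key AutoOpenSafeDownloads in the com.apple.Safari domain, which the page does not name. A key that has never been written means Safari's built-in default applies, and that default is on, so an empty read is treated as enabled.

```shell
#!/bin/sh
# Added example (not from the original post): audit and switch off Safari's
# "Open 'safe' files after downloading" preference, the setting the
# vulnerability depends on. The defaults key name below is an assumption;
# the page itself does not name it.

PREF_DOMAIN="com.apple.Safari"
PREF_KEY="AutoOpenSafeDownloads"

# Interpret the raw value printed by `defaults read`. An empty value means
# the key was never written, and Safari's built-in default for it is ON,
# so a missing key must be reported as enabled. `defaults` prints booleans
# as 0/1, but tolerate true/false spellings as well.
# Prints "enabled" or "disabled".
interpret_auto_open() {
    case "$1" in
        0|false|FALSE|no|NO) echo "disabled" ;;
        *)                   echo "enabled" ;;
    esac
}

# Read the live preference (macOS only). The error `defaults` prints for a
# missing key is discarded so that the empty string reaches the parser.
current_auto_open_state() {
    interpret_auto_open "$(defaults read "$PREF_DOMAIN" "$PREF_KEY" 2>/dev/null)"
}

# Turn the feature off. Safari has to be restarted to pick up the change.
disable_auto_open() {
    defaults write "$PREF_DOMAIN" "$PREF_KEY" -bool false
}

# Only touch the real preference store when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    state=$(current_auto_open_state)
    echo "Safari auto-open of 'safe' downloads is $state"
    if [ "$state" = "enabled" ]; then
        disable_auto_open && echo "Disabled. Restart Safari for it to take effect."
    fi
fi
```

Run it as the user whose Safari you are checking, since `defaults` reads and writes that user's own preference domain; a system-wide rollout would instead push the same key through whatever configuration management you use.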
Tags: Default Configuration, Discoverer, Os X, Shell Commands, Shell Script, Shell Scripts, Vulnerability