December 4, 2008 in Security by Vincent King
… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” This could be really bad: an attacker can run shell scripts on your computer remotely just by getting you to visit a malicious website.
Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html
The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip archive is considered a safe file, so Safari unpacks it automatically. Subsequently, a shell script inside the archive that has no #! line at the beginning is executed automatically. No user interaction!
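As an added example (not from the post or from Lehn's proof of concept), here is a small Python audit that inspects a downloaded zip archive and flags members that are marked executable, separating the ones without a #! line, which is the case the post describes. It assumes the archive carries Unix mode bits in its entries; the sample archive is constructed inline.

```python
import io
import stat
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive standing in for a downloaded .zip (not the PoC)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, body in [
            ("readme.txt", 0o644, b"Just a text file.\n"),
            ("setup.sh", 0o755, b"#!/bin/sh\necho hello\n"),
            ("update", 0o755, b"echo no shebang here\n"),
        ]:
            info = zipfile.ZipInfo(name)
            # Unix mode bits live in the high 16 bits of external_attr.
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, body)
    return buf.getvalue()


def audit_archive(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) for members that could be run as scripts on open."""
    findings = []
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            mode = info.external_attr >> 16
            if not mode & exec_bits:
                continue
            with zf.open(info) as member:
                head = member.read(2)
            if head != b"#!":
                findings.append((info.filename, "executable without #! line"))
            else:
                findings.append((info.filename, "executable script with #! line"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_zip()):
        print(f"{name}: {reason}")
```

Turning off “Open safe files after downloading” in Safari's General preferences removes the automatic step the post describes.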
Tags: Default Configuration, Discoverer, Os X, Shell Commands, Shell Script, Shell Scripts, Vulnerability