December 4, 2008 in Security by Vincent King
… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” This could be really bad: attackers can run shell scripts on your computer remotely just by getting you to visit a malicious website.
Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html
The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip file is considered safe, so it is opened automatically after download. A shell script inside the archive that has no #! line at the top is then executed automatically. No user interaction!
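The obvious mitigation is to turn that default off. The following audit script is an added example, not from the original post or from heise; it assumes the option is stored as the preference key AutoOpenSafeDownloads in the com.apple.Safari domain and that an absent key means Safari's built-in default (enabled) applies.

```shell
#!/bin/sh
# Added example, not part of the original post: audit whether Safari's
# "Open Safe Files after downloading" option is still switched on.
# Assumption: the option lives under the preference key AutoOpenSafeDownloads
# in the com.apple.Safari domain; an absent key means Safari's built-in
# default applies, and that default is "enabled".

# Interpret the raw value printed by `defaults read`. Echoes a readable state;
# exit status 0 = auto-open enabled (risky), 1 = disabled, 2 = unrecognised.
interpret_auto_open() {
    raw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    case "$raw" in
        0|false|no)  echo "disabled"; return 1 ;;
        1|true|yes)  echo "enabled";  return 0 ;;
        "")          echo "enabled (key absent, Safari default applies)"; return 0 ;;
        *)           echo "unrecognised value: $1"; return 2 ;;
    esac
}

# Query the live preference on a Mac; elsewhere just report that the check
# does not apply. Always returns 0 so the script can be sourced safely.
audit_safari() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "not macOS: 'defaults' tool unavailable, nothing to audit"
        return 0
    fi
    # `defaults read` exits non-zero (message on stderr) when the key is absent;
    # treat that as an empty value so the "default applies" case is reported.
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    state=$(interpret_auto_open "$value" || true)
    echo "Safari AutoOpenSafeDownloads: $state"
    case "$state" in
        enabled*) echo "remediation: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false" ;;
    esac
    return 0
}

audit_safari
```

The remediation line only changes the preference for the user running it; on a managed fleet the same key is what a configuration profile or MDM policy would pin.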
Tags: Default Configuration, Discoverer, Os X, Shell Commands, Shell Script, Shell Scripts, Vulnerability