December 4, 2008 in Security by Vincent King
… a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.
Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html
The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip file is considered safe and so they will be opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!
[[T_F]]Digital Content Theft Prevention and Tracing, Downloads and Online Property Protectiontracefusion_signature=14c69909cccc06a1c765a4c09f11f4cb3b10d1750e12fe8352de31770b049bc77a22fee356a7a9e652ca78e522627e2d3d752d2bed2a59c8bb2eab94bb5a71fb93d5a5f3ea472656eb886e6f13c6611d383b74ae7cc462371f44b8a8b59fc87d150422bde5aa8b182e6b3953d6d675be8d612c933524a346463c6059663478834ecb12e92661c2cada769be1f00f1a4fba7bdfb56c8c5dde53f37a40a473611308e1108b8ab70dcf37f6e7510f2321bc43c35b1fc4b3532c7108e17043cfccb7a2c654091afefa83f5a846f6e0b8514eb282f65a834e4155eec63ac99c55e9478c881bdacd0853939bedf617573dfd25ae1f3c1de5d1e4d52fe8ef1c1734eb1eb40a28f43108deadb2c4477cdca124006d3eed5661fa8d9210d650a57a4e5429157921953b080cc0c08b9e3966969832868c4380bcfa8354382e22972c90c388a93640eb3ad724171fde90f7e74c74c24990f6d0916ecdf2366531e8c5d6d2f6cc3fc0bd9bc3a5f6f84c227fc529154be5ba4441131667d06a7f8217665b1c7281fd35bbb332a0b7e64fe71e239f1bcd222249aecb4e9539a26a3080bd730cc85983d51da7e43f6e9abfaf98f80ca6550433885648a3abf2414fde9dae752a11bd05d0317fdbd9e9477d92e9477c59[[T_F]]
Tags: Default Configuration, Discoverer, Os X, Shell Commands, Shell Script, Shell Scripts, Vulnerability
