Apple Mail Bug Rises From The Dead To Menace Leopard Users - InformationWeek
IoT
IoT
Software // Information Management
News
11/20/2007
05:48 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Mail Bug Rises From The Dead To Menace Leopard Users

The security flaw could create an e-mail attachment that executes malicious code when clicked on.

A security flaw in Apple Mail that was fixed last year has returned from the grave to haunt those using the e-mail app in conjunction with the latest version of Apple's operating system, Mac OS X 10.5, otherwise known as Leopard.

An attacker exploiting the security flaw could create an e-mail attachment that appears to be, for example, a JPEG image file, but executes malicious code when it is clicked on, without the warning dialogue that should be present.

"In March 2006, Apple corrected this problem," says Heise Security on its Web site. "On a current installation of the Tiger OS, Apple Mail issues a warning that the supposed image file is a program and is to be opened with Terminal. Apple apparently either did not incorporate this update into Leopard, or did not do it correctly."

Apple's Security Update 2006-001 fixed the flaw. "In Mac OS X v10.4 Tiger, when an e-mail attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not 'safe,' " Apple's Security Update explains. "Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments."

An Apple spokesperson could not be reached because Apple is closed this week for Thanksgiving.

Last week, Apple released security updates for the most recent versions of its Mac OS X operating system, Panther, Tiger, and Leopard.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll