Infrastructure // Unified Communications
News
11/20/2007
05:48 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Apple Mail Bug Rises From The Dead To Menace Leopard Users

The security flaw could create an e-mail attachment that executes malicious code when clicked on.

A security flaw in Apple Mail that was fixed last year has returned from the grave to haunt those using the e-mail app in conjunction with the latest version of Apple's operating system, Mac OS X 10.5, otherwise known as Leopard.

An attacker exploiting the security flaw could create an e-mail attachment that appears to be, for example, a JPEG image file, but executes malicious code when it is clicked on, without the warning dialogue that should be present.

"In March 2006, Apple corrected this problem," says Heise Security on its Web site. "On a current installation of the Tiger OS, Apple Mail issues a warning that the supposed image file is a program and is to be opened with Terminal. Apple apparently either did not incorporate this update into Leopard, or did not do it correctly."

Apple's Security Update 2006-001 fixed the flaw. "In Mac OS X v10.4 Tiger, when an e-mail attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not 'safe,' " Apple's Security Update explains. "Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments."

An Apple spokesperson could not be reached because Apple is closed this week for Thanksgiving.

Last week, Apple released security updates for the most recent versions of its Mac OS X operating system, Panther, Tiger, and Leopard.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.