Mac OS X Comes Under Fire From Hackers - InformationWeek

Macintosh security tools developer Intego announced Friday that it has identified a "critical" vulnerability in Apple's OS X desktop operating system.

Mac users who thought they didn't have to deal with the security headaches of their Windows counterparts should think again. Macintosh security tools developer Intego announced Friday that it has identified a "critical" vulnerability in the Mac OS X desktop operating system.

Long considered a more secure desktop OS, primarily because it lacked the breadth of Windows and thus was less of a target, OS X has recently come under increasing fire from hackers. Last week, security experts reported two new Mac-focused viruses, one that targets Apple chat users and another that exploits a flaw in Apple's Bluetooth software.

This new problem is a Mac OS X metadata exploit. Intego released a statement explaining that "compressed archives can contain resource forks and HFS metadata stored in an invisible '__MACOSX' folder. Data contained in these resource forks and HFS metadata can mask the real type of a file in the archive, causing shell scripts to execute if users double-click such files."

Intego warns that Safari users who have not turned off auto-execution of "safe" files will download the malicious Zip archive, which will then execute. Even if this option is turned off, the Zip archive will download, and a user may double-click it to decompress it, then double-click its contents, causing the file to execute.

Intego also uncovered an additional exploit in which a malicious user can hack a Web site and add a script to a page that generates a Zip archive containing executable code. A user merely needs to visit the Web page to trigger it. The script itself creates the Zip archive, so the file does not need to be on the hacked server or any other server. Users may therefore go to a Web site where they expect to download legitimate files such as zipped graphics, video or other applications and end up with a potentially dangerous executable.

The company suggests that Safari users uncheck the option "Open 'safe' files after downloading," found in Safari's General preferences. Intego also offers VirusBarrier X and X4 solutions that provide protection from this type of file.
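As a complement to that setting, the following added example (not code from Intego, Symantec or Apple) shows a heuristic check on a downloaded Zip archive before anything in it is opened: it flags entries that have a passive-looking extension, begin with a shell-script shebang, and carry companion metadata under the `__MACOSX` folder. The function names, the extension list and the assumed companion layout `__MACOSX/<dir>/._<name>` are illustrative, and the sample archive is constructed with placeholder metadata.

```python
import io
import posixpath
import zipfile

# Extensions a user would expect to open in a viewer, not run (assumed list).
PASSIVE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}


def companion_name(member):
    """Path where the archive would carry resource-fork/HFS metadata for member
    (assumed layout: __MACOSX/<dir>/._<name>)."""
    head, tail = posixpath.split(member)
    return posixpath.join("__MACOSX", head, "._" + tail)


def suspicious_members(data):
    """Return sorted names of entries that look passive but start with a shebang
    and also have metadata stored under the __MACOSX folder."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for name in names:
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue  # skip the metadata tree itself and directory entries
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(name) as fh:
                is_script = fh.read(2) == b"#!"
            if is_script and ext in PASSIVE_EXTS and companion_name(name) in names:
                hits.append(name)
    return sorted(hits)


def build_sample():
    """Constructed archive: a harmless script named like an image, a real-looking
    image, and an honestly named script. Metadata entries are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", b"placeholder metadata (constructed)")
        zf.writestr("pics/real.jpg", b"\xff\xd8\xff\xe0 constructed image bytes")
        zf.writestr("__MACOSX/pics/._real.jpg", b"placeholder metadata (constructed)")
        zf.writestr("install.sh", b"#!/bin/sh\necho honest script\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_members(build_sample()):
        print("review before opening:", name)
```

The check does not parse the metadata itself, so a hit means "inspect this file before double-clicking it," not proof that the entry is malicious.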

In related news, earlier this week, Symantec Security Response confirmed the new vulnerability in Macintosh OS X version 10.4, rating it as high severity. Symantec also is counseling users to turn off the "Open safe files after downloading" option in their Safari browsers and watch for further information from Apple. The most up-to-date information from the company can be found at
