> Tuesday, February 21 2006 @ 11:00 AM PST
>
> OSX/Inqtana.A, OSX/Inqtana.B worm (#2): Sophos AntiVirus software
> generating false positives, wreaking system havoc
>
Also from MacFixit:
> As we noted below in "Odds and Ends", the "Safari Automatically Executes
> Shell Scripts" vulnerability that has recently garnered increased discussion
> is extremely similar in nature to a bug we discussed in the middle of last
> year, where Safari would automatically open a compressed .zip file and
> execute a potentially malicious Widget.
>
> The scenario for that vulnerability went like this:
>
> You click on a seemingly innocuous link, and view the resulting page's
> content. Meanwhile, a meta tag embedded in the page (META
> HTTP-EQUIV="Refresh") downloads a Widget in the background, and Safari --
> which is, by default, set to automatically open "trusted" files, including
> Widgets -- quietly places the newly downloaded Widget in the
> ~/Library/Widgets folder. The next time you access Dashboard, the Widget is
> loaded in the Dashboard storage bar, and executed when you click it or drag
> it out of the bar. The only indication you will receive in Safari indicating
> that this process is happening is a generally unnoticeable refresh of the URL
> address bar.
>
> The vulnerability was fixed in Mac OS X 10.4.1.
--
Arf!
Old CSMAer
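
A defender-side check for the pattern in the quoted MacFixit scenario, as an added example that is not part of the original post or of the MacFixit article: it scans a saved page for META HTTP-EQUIV="Refresh" tags whose target is a downloadable archive or Widget rather than another page. The extension list, the function and class names, and the sample HTML are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as suspicious refresh targets (assumption for this example).
RISKY_EXT = (".zip", ".wdgt", ".dmg", ".tgz", ".gz", ".sh")


class RefreshFinder(HTMLParser):
    """Collects the target URL of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content looks like "0; URL=http://host/file.zip"; the URL part is optional
        m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
        if m:
            self.targets.append(m.group(1).strip())


def risky_refresh_targets(html):
    """Return refresh targets whose path ends in a download-type extension."""
    finder = RefreshFinder()
    finder.feed(html)
    return [t for t in finder.targets
            if urlparse(t).path.lower().endswith(RISKY_EXT)]


# Constructed sample pages (not taken from any real site).
SAMPLE_SUSPECT = """<html><head>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://downloads.example.invalid/Clock.wdgt.zip?id=7">
</head><body>Nothing to see here.</body></html>"""

SAMPLE_BENIGN = """<html><head>
<meta http-equiv="refresh" content="5; url=/news.html">
<meta http-equiv="refresh" content="30">
</head><body>Redirecting...</body></html>"""

if __name__ == "__main__":
    for name, page in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, risky_refresh_targets(page))
```

A hit only means the page triggers a background download on load; whether the file is then opened depends on the browser's automatic-open setting described in the quoted text.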