February 24, 2006 10:45 AM PST
Mac OS X Security flaw round-up
"Zero-day exploit" ("Safari Automatically Executes Shell Scripts"), a.k.a. the resource fork hole
- "Safari Automatically Executes Shell Scripts" vulnerability (zero-day exploit) [#3]: Protective methods, more
- Explanation, fixes for "Safari Automatically Executes Shell Scripts" vulnerability; similar to Widget vulnerability
OSX/Inqtana.A, OSX/Inqtana.B, OSX/Inqtana.C
- OSX/Inqtana.A, OSX/Inqtana.B worm (#3): Sophos fixes false positive flaw
- OSX/Inqtana.A, OSX/Inqtana.B worm (#2): Sophos AntiVirus software generating false positives, wreaking system havoc
- OSX/Inqtana.A worm affects older versions of Mac OS X 10.4.x (Tiger) -- not found in wild
Oompa-Loompa Trojan (OSX/Oomp-A or Leap-A)
- Oompa-Loompa Trojan (OSX/Oomp-A) [#3]: ClamXav virus definitions updated; When the trojan will ask for an administrator password
- Virus protection software makers respond to Oompa-Loompa trojan (OSX/Oomp-A); protective methods
- Mac OS X malware "OSX/Oomp-A" discovered -- effects seem innocuous

Because Omniweb has a feature that lets you list "safe applications" that you
allow to open files that are downloaded. Any applications that are not on the
list will not launch. Suffice it to say, Terminal is not on my list of allowed
applications. No patches or workarounds needed.
I for one will just stay away from Safari or any other browser that does not
have this feature until they catch up to Omniweb's cast iron security features.
Griff

by Fingal February 28, 2006 9:56 AM PST
After reading up on the Leap-A thing at various sources, it's not clear to me if
it has actually succeeded in spreading by iChat at all. It sounds to me like
everyone who got it downloaded it from http://www.macrumors.com/ and
the only machines which got hit by way of iChat were ones on the same home
LAN as someone who downloaded it.
I think that the reason the press got out of hand with this has a lot to do with
some of the dialog which occurred on the Macrumors site right after the first
infections. It was immediately obvious to those involved that something had
gone wrong when they got a terminal window with "Process Completed"
instead of a picture when they double clicked on the supposed image. They
weren't sure what Leap-A had done and began to speculate. It's a perfectly
natural thing to wonder what's going to happen next when you've been hit
with something that is so obvious in being malware. It's also natural to
prepare for the worst.
I hope that the story of the story doesn't get lost in all this. Will the general
public be left with a confused and inaccurate impression of what happened or
will it be the story of how people react to such circumstances?