January 11, 2007 11:54 AM PST
Mac flaw puts Safari surfers at risk
The vulnerability and "proof of concept" code to exploit it were released on Wednesday as part of the Month of Apple Bugs project. It affects Mac OS X 10.4.8, the most recent version of Apple's operating system, and possibly previous versions, security researcher LMH said in the posting on MOAB's Web site.
The flaw can be exploited if the Mac user has enabled an option in Safari to "open safe files after downloading," Secunia said in an advisory Thursday. The security company has rated the problem "highly critical."
"It is never good to have something open automatically when you download it, so users should disable this automatic feature in Safari," said Thomas Kristensen, Secunia's chief technology officer.
Over the past year, security experts have scrutinized the "open safe" feature in Apple's code, and have said that the company hasn't completely closed up the security holes. The feature automatically opens files that are deemed to be safe. In March, Apple added a "download validation" function to the tool to warn people when they may be downloading a malicious file or disk image.
However, security experts have noted that malicious attackers could create a file that appears to be safe, such as a movie or image file, but is actually an application that gets loaded onto a user's system.
Security researchers are advising users to disable the "open safe" feature in Safari.
In response to the news, an Apple representative said: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

I've had this function off for a while, pending an update. Please do
not report on stuff that everyone knows already, just to get the
public's attention.
operator's error. Nothing whatsoever to do with Apple.
back over the last year and look at how many pot-shots they've
taken at Apple vs say Microsoft. It's not that Apple does everything
right, but CNET would serve its readers better by being more even
handed. It's too bad that the editors have taken this approach as
the site could be a great source for news and product reviews. Have
you noticed how companies that advertise heavily with CNET get
better ratings?
It's time to step back, read an article for what it's worth, if you agree great, if you disagree, then equally great.
But for crying out loud, please refrain from saying how biased these reports are.
Is it wrong for a reviewer to use a Mac when writing a story about a Mac? How about using a PC to write about a Mac? How about using a Mac to write about a PC? Get over it....my favorite color is gray, yours is pink, his is red and hers green.
Who wants to spend their time bashing product reviews anyways???? Get a life!!!!!
not the norm. For those of you not understanding this, you
simply need to go to just ONE page.
http://news.com.com/The+dawn+of+Vista/
2009-1016_3-6132982.html?tag=nefd.lede
OSX has continued to evolve, and has yet to receive this kind of
treatment. To top it off, since CNET is supposed to be
reporting, you would think they would do actual, fair
comparisons. This rarely happens. Yes there are reporters in
CNET that strive to do a better job. I won't mention their names
because that would alienate them from the rest.
So go to that page, and read all about the innovations etc. We
have been getting a stream of Longhorn/Vista (I've forgotten the
other code names) for longer than I can remember accurately.
A lot of Windows developers are still running Windows for
development (gotta make a living) but they are using OSX, as
well.
The bottom-line, for years to come, Windows is entrenched, and
as long as they can strong arm vendors into shipping it, entice
and bribe people into using it. It's coming. But quit with all the
complete nonsense about how great it is.
is doing a great service.
But ... to avoid pushing people's sensitivity buttons, a little more
accuracy in the title of articles, or a little more clarity or less
journalism in the subtitles would be suitable.
For example: Mac Flaw Puts Safari Surfers At Risk could be more
accurately and fairly reported as: Simple Workaround Till Safari
Security Hole Closed.
Not only would this more accurately reflect the content of the
article, but it is significantly less inflammatory and 'journalistic'.
We computer aficionados do not need shock and awe. We'll
read articles of obviously significant content without the
fireworks in the titles.
1. If a Mac runs a program that it has never run before = IT
ASKS YOU FIRST. It tells you that you are running a new program
and asks for permission to proceed.
2. If a Mac runs a software installer = it not only asks you for
permission + it asks for an administrator's password.
You might feel more secure behind a thousand firewalls - but
being able to work online without worrying about the threat of
viruses or spyware is priceless. I'm in 100% production while
most users spend time downloading updates, scanning files, and
clicking through confirmation pop-ups. While firewalling them
out, you've walled yourselves in.
is because it's only one of the operating systems FEW. They don't
put these at the top for windows because there are so many more
holes and viruses that can get into a PC without an anti-virus. Mac
OS X is so much more secure than Windows. I'm confident that
Apple will fix this in no time.
- So much for Mac security
-
by Ryo Hazuki
January 17, 2007 4:23 AM PST
- I wish I had a Mac so I didn't have to deal with these Windows-only problems.