New Mac Worm (?)

8 replies [Last post]
astro_rob's picture
Offline
Joined: Mar 19 2005
Posts: 320

This just came across the wire...
Second Apple worm targeting Macs found: experts...
Any thoughts?

__________________

Tinker Ergo Sum!
iBook G4 "Snowy", iBook Clamshell "Tang", Tandy Model 102 "Tandy", Tandy Model 200 "Deuce", Palm IIIxe "Xerxes", HP Jornada "Jordana"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Offline
Joined: Dec 21 2004
Posts: 82
Hmmm..

Bluetooth does have its range limits, though. Something to patch, but nothing to worry about, IMHO. I'm sure it would be of more concern to me if I lived in a heavily populated (like an apartment building) area, but I'm more than 30 feet from my nearest neighbor.

Jack

eeun's picture
Offline
Joined: Dec 19 2003
Posts: 1891
Safari Flaw

MacWorld is reporting a vulnerability in Safari that allows Safari's auto-expand to execute code stuck in a zip file. I ran a test on my own system with a test zip that tries to open the OS X calculator. And it did indeed bring up my calculator app as the file was decompressing.

Of course, whether anyone cares enough to expoit this, er...exploit, until it's fixed is another matter.

__________________

"Give a man a fire, he's warm for a day. Set a man on fire and he's warm for the rest of his life."
(Terry Pratchett)

Reverend Darkness's picture
Joined: Dec 20 2003
Posts: 502
market share....

Y'know, as Mac users, we collectively whined and moaned about the measly 5% market share, and we promoted as much as we could, and we hailed the G3 and the iMac as the best things ever, and OS X as the next stage in human evolution...

... all we did was give hackers something new to do...

If we had just kept quiet and stuck with our single-threaded OS, we wouldn't be in this predicament.

Add sarcasm to taste, and serve with a grain of salt.

__________________

When I see lightning, you know it always brings me down... because it's free, and it's me who's lost and never found.

madmax_2069's picture
Offline
Joined: Sep 24 2005
Posts: 664
the good thin that Apple is n

the good thin that Apple is not like M$, Apple will fix this problem if it come to there attention any thing that has problems with the OS like that Apple needs to know about it so they can jump on it. Apple needs to jump on things a bit more since the intel Mac's came out it all started after they came out. Yea OS X has exploits but what OS dont. i see this a sorta good thing so Apple can make there OS better. but on the other side can also not be good cause people now see its posable to do this stuff to OS X but if Apple jumps at it fast enuff then we should not have anything to worry about. I myself run OS 9.2.2 and OS X 10.2.8 but run OS 9.2.2 more on My Beige G3

__________________

Beige G3 AIO,Yikes, Digital Audio, Performa 475, Newton MP 2100, Apple IIgs, HP D530 SFF, Wyse winterm 3360SE
http://www.Apple2online.com

davintosh's picture
Offline
Joined: Dec 20 2003
Posts: 554
Re: Safari Flaw

eeun wrote:

MacWorld is reporting a vulnerability in Safari that allows Safari's auto-expand to execute code stuck in a zip file. I ran a test on my own system with a test zip that tries to open the OS X calculator. And it did indeed bring up my calculator app as the file was decompressing.

Of course, whether anyone cares enough to expoit this, er...exploit, until it's fixed is another matter.

The danger is that that code could also launch Terminal and do some nasties with the command line. Of course, most of the really bad things require a password to be entered, but it could still be enough to hose some things up real good.

Two ways to minimize the vulnerability; set Safari to NOT "Open safe files after downloading", in the General tab of Preferences. Also, don't be downloading & double-clicking things that you get from sites and people you don't know well (in other words, use some common sense.)

__________________

Obsolescence is just a lack of imagination.
Visit my blog: davintosh.com -- it may not be up to date, and it may not be exciting, but you can say you've been there.

dankephoto's picture
Offline
Joined: Dec 20 2003
Posts: 1900
this scare is total B$

Apple patched this vulnerability long ago. I think this 'new' hotflash is just AV vendors trying to scare up a little Mac bui$ness. In any case, this exploit has never been seen "in the wild", it was only ever a technosperiment.

I wonder if M$ might have an interest in seeing this sort of 'news' floated around, it would certainly help thier case against 'switchers' as then they could say - "See?!? Even Mac OS is vulnerable!!" Not that I'm suggesting M$ would do something like actually participate in the spread of misinformation . . .

dan k

__________________

|| web page gone - curse you Comcast! | Applish goodies servers offline, sorry! |
» email macdan at comcast.net

madmax_2069's picture
Offline
Joined: Sep 24 2005
Posts: 664
I think M$ would say somthing

I think M$ would say somthing like that

__________________

Beige G3 AIO,Yikes, Digital Audio, Performa 475, Newton MP 2100, Apple IIgs, HP D530 SFF, Wyse winterm 3360SE
http://www.Apple2online.com

astro_rob's picture
Offline
Joined: Mar 19 2005
Posts: 320
Hot Off The Wire... From Wired...

Personally, I like Leander Kahney's take on all of this...
Mac Attack a Load of Crap...

__________________

Tinker Ergo Sum!
iBook G4 "Snowy", iBook Clamshell "Tang", Tandy Model 102 "Tandy", Tandy Model 200 "Deuce", Palm IIIxe "Xerxes", HP Jornada "Jordana"