New Mac Worm (?)

Bluetooth does have its range limits, though. Something to patch, but nothing to worry about, IMHO. I'm sure it would be of more concern to me if I lived in a heavily populated (like an apartment building) area, but I'm more than 30 feet from my nearest neighbor.

Jack

MacWorld is reporting a vulnerability in Safari that allows Safari's auto-expand to execute code stuck in a zip file. I ran a test on my own system with a test zip that tries to open the OS X calculator. And it did indeed bring up my calculator app as the file was decompressing.

Of course, whether anyone cares enough to expoit this, er...exploit, until it's fixed is another matter.

Y'know, as Mac users, we collectively whined and moaned about the measly 5% market share, and we promoted as much as we could, and we hailed the G3 and the iMac as the best things ever, and OS X as the next stage in human evolution...

... all we did was give hackers something new to do...

If we had just kept quiet and stuck with our single-threaded OS, we wouldn't be in this predicament.

Add sarcasm to taste, and serve with a grain of salt.

the good thin that Apple is not like M$, Apple will fix this problem if it come to there attention any thing that has problems with the OS like that Apple needs to know about it so they can jump on it. Apple needs to jump on things a bit more since the intel Mac's came out it all started after they came out. Yea OS X has exploits but what OS dont. i see this a sorta good thing so Apple can make there OS better. but on the other side can also not be good cause people now see its posable to do this stuff to OS X but if Apple jumps at it fast enuff then we should not have anything to worry about. I myself run OS 9.2.2 and OS X 10.2.8 but run OS 9.2.2 more on My Beige G3

MacWorld is reporting a vulnerability in Safari that allows Safari's auto-expand to execute code stuck in a zip file. I ran a test on my own system with a test zip that tries to open the OS X calculator. And it did indeed bring up my calculator app as the file was decompressing.

Of course, whether anyone cares enough to expoit this, er...exploit, until it's fixed is another matter.

The danger is that that code could also launch Terminal and do some nasties with the command line. Of course, most of the really bad things require a password to be entered, but it could still be enough to hose some things up real good.

Two ways to minimize the vulnerability; set Safari to NOT "Open safe files after downloading", in the General tab of Preferences. Also, don't be downloading & double-clicking things that you get from sites and people you don't know well (in other words, use some common sense.)

Apple patched this vulnerability long ago. I think this 'new' hotflash is just AV vendors trying to scare up a little Mac bui$ness. In any case, this exploit has never been seen "in the wild", it was only ever a technosperiment.

I wonder if M$ might have an interest in seeing this sort of 'news' floated around, it would certainly help thier case against 'switchers' as then they could say - "See?!? Even Mac OS is vulnerable!!" Not that I'm suggesting M$ would do something like actually participate in the spread of misinformation . . .

dan k

I think M$ would say somthing like that