Full Disclosure mailing list archives

Re: Question about Mac OS X 10.4 Security

From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Tue, 28 Feb 2006 10:49:09 -0500

I think you're living in a fantasy world. The recent vulnerability,which allows the running of arbitrary code simply by clicking on alinked zip file will probably result in at least a handful of newviruses/worms for the Mac platform within the next week or two.

I agree 100% . Zip file / metadata bug added to a malicious InputManager, fucked up dyld file or environment.plist is like instant IE stylepopup city for Mac users running Safari. It would literally take about20 minutes to put something together.


-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Question about Mac OS X 10.4 Security Ferdinand Klinzer (Feb 28)
- Re: Question about Mac OS X 10.4 Security Stephen Johnson (Feb 28)
  - Re: Question about Mac OS X 10.4 Security Paul Schmehl (Feb 28)
    - Re: Question about Mac OS X 10.4 Security KF (lists) (Feb 28)
    - Re: Question about Mac OS X 10.4 Security Stef (Feb 28)
    - Re: Question about Mac OS X 10.4 Security Mike Owen (Feb 28)
- Re: Question about Mac OS X 10.4 Security Michael Holstein (Feb 28)
  - Re: Question about Mac OS X 10.4 Security KF (lists) (Feb 28)
- <Possible follow-ups>
- Re: Question about Mac OS X 10.4 Security Steven Rakick (Feb 28)
- Re: Question about Mac OS X 10.4 Security Steven Rakick (Feb 28)
  - Re: Question about Mac OS X 10.4 Security Stef (Feb 28)
    - Re: Question about Mac OS X 10.4 Security Paul Schmehl (Feb 28)