• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Safari Vulnerability Detected


Eric Bangeman said:
Here's how it works: if a Safari user has the "Open 'safe' files after downloading" option checked (which enables movies, images, music, text, PDF, and a few other automatic documents to be automatically opened upon completion of a download), a specially designed shell script can be executed. Normally, shell scripts will not be executed after Safari downloads them without user confirmation. However, if the script lacks a "shebang line" (e.g., #!/bin/csh) and the Finder is set to open scripts using Terminal, the Finder will pass the scripts to the Terminal application, where they will be executed.

If a script is given an extension such as "jpg" or "mov" and stored within a ZIP archive, Mac OS X will add a binary metadata file to the archive which determines its association. This metafile instructs the operating system on another Mac to open that file with the Terminal application -- regardless of its extension or the symbol displayed in the Finder. The Terminal will redirect scripts without an interpreter line directly to bash, the standard shell in OS X.

Part of the problem is due to the manner in which Mac OS X determines filetypes. Unlike OS 9 and earlier, which relied solely on file metadata (a four-digit creator code) to determine a file's type, Mac OS X uses both metadata and the extension to figure out how a file is handled. So although the script contains metadata in the form of a Terminal type/creator code, the .jpg or .mov extension causes Safari to treat it like a safe file.
Not a big deal, as hardly anybody uses macs.

Is this really the beginning of a wave of Mac OS X malware? Probably not. Given Apple's relatively small market share, it's not as attractive a target for malware writers as Windows is. That could change, if the installed base of computers running Mac OS X continues to grow as it has over the past year or so.
Perhaps in 10 years or so we shall see if they start picking on it. I highly doubt they will gain more market share than they have already due to corporations in most part sticking with MS.


Act your wage.
Political User
I can't believe that article was posted today -- the "vulnerability" has been known since shortly after OS X 10.4 was released, almost a year ago. I've never seen a report that this has been taken advantage of, either.

I hope that the market share doesn't get high enough to convince hackers that it's worth their time. I like my secure OS and want to keep it to stay that way.
Man, they are way behind then. Can you toss me a link from a year ago?

On the market share thing I'd have to agree. Some of my graphic design clients are very picky,
so I outfit them with Macs and OSX and they shut up. ;)

EDIT - Does this mean they have waited a full year and still havn't patched it? TSK TSK? ? ?
Last edited:


Act your wage.
Political User
Mastershakes said:
EDIT - Does this mean they have waited a full year and still havn't patched it? TSK TSK? ? ?
It's not the kind of vulnerability that needs a patch -- that's why I call it a "vulnerability." In response, Apple turned the option on, by default, to prompt the user to open (mount) the download instead of it happening automatically. This was actually in the form of disabling the "open safe files" option. Additionally, most anything that writes to the system level requires an administrator password, so that layer of security exists as well. There really isn't much of a risk.

I'll dig for the initial reports of this.


Political User
It is ease of use to have stuff mounted automatically. We shall see how long it lasts before the option is A. removed, or B. worked around such that things like this can't happen.

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member