
As most of you know, macosxhints is not a 'breaking news' site. We generally post things that aren't time sensitive, and try to stay away from news as much as possible - there are many better sources for Mac-related news out there than this one!

As such, I didn't post anything here about either the Leap.A worm/trojan or the Bluetooth worm, as they were both thoroughly covered on other sites, and there wasn't much 'tip like' that could be considered tip-worthy about either of them, beyond 'use common sense when downloading and opening files from others.'

Yesterday's news of a Safari vulnerability, however, is different. While the Leap.A and Bluetooth programs required active user participation (you had to agree to accept a file, then expand and run it, for instance), this latest Safari vulnerability is riskier. You can actually execute a program on your Mac by just clicking a link on a website, or, on a truly malicious page (using some HTML programming tricks) by simply visiting that page.

Other sites have done a very good job of explaining how this particular vulnerability works in detail, so I'll just summarize it here. In a nutshell, a shell script can be written and then zipped in such a way that it will automatically expand and then execute on a user's machine. This shell script could, of course, do anything your user could do - including, as an example, installing the Leap.A worm.

Thankfully, the short-term workaround is fast and simple: If you use Safari, open its Preferences, and in the General tab, uncheck the 'Open "safe" files after downloading' checkbox.

From now on, you'll have to expand downloaded files yourself, but that's a small price to pay for ensuring your machine won't automatically fall victim to this vulnerability. Note that you still need to practice common sense with downloaded files - if you expand the archive and then run the resulting file, it will still do whatever damage it would have automatically done. You won't, however, need to worry about this happening without your intervention.

It's quite ironic that Apple themselves put the word safe in quotes there, as it's clear to me that almost no file from the internet should be assumed safe. Note that Safari ships with this option enabled by default, so many users may not even know they've agreed to have archives expand automatically on their machines. Given that our recent poll showed that Safari has close to a 60% browser share, this is indeed scary. So please, if you use Safari, take a second to disable the automatic expansion of downloaded files.

Edit: I edited the explanation of how one could be infected, to hopefully make it clearer.

It seems to me that there are several problems that all go back to one central issue: resource forks! Mac OS X uses the file extension to determine which app to use if a file does not have a resource fork. If a file has a resource fork, the application associated with the file can be different from the application associated with the extension. You set this in the Finder Get Info menu by changing the Open with option. Usually this is not an issue because files that arrive by download, E-mail, or other means come without resource forks. Resource forks can be included in ZIP archives, and BOMArchiveHelper.app reconstructs them for the extracted files. Mail.app can handle resource forks as well. This is a huge problem.

A compounding factor is that Terminal.app will run shell commands in a UNIX executable file. All you have to do is set Terminal.app as the application and double-click the file. Then Terminal.app opens a new shell, and executes the commands in the file.

Combine these two issues, and you get a mess. You can give a file a harmless sounding (and incorrect) extension and set its default application to Terminal.app. Then, Safari was set to open certain "safe" files for us. The result: double-clicking a seemingly harmless photo or movie opens Terminal.app and runs a shell script that deletes all your files (no administrative permission needed)!
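A defender-side check for the disguise this page describes, as an added example that is not part of the original post: it lists ZIP entries whose contents do not match the format their extension claims, and notes whether the archive also carries Mac metadata for them. The `__MACOSX/._name` AppleDouble layout, the magic-byte table and the in-memory sample archive are assumptions of this example, not details from the page.

```python
import io
import posixpath
import zipfile

# Leading bytes of formats that a "harmless" extension usually promises
# (a small table chosen for this example, not an exhaustive list).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def build_sample():
    """Constructed archive: one real PNG header, one text file posing as a JPEG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday/beach.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        zf.writestr("holiday/sunset.jpg", b"echo constructed sample\n")
        # AppleDouble companion entry, as a Mac-made ZIP stores fork/Finder data.
        zf.writestr("__MACOSX/holiday/._sunset.jpg", b"\x00\x05\x16\x07" + b"\x00" * 22)
    return buf.getvalue()

def audit_zip(data):
    """Return entries whose content does not match the format their extension claims."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            magics = MAGIC.get(posixpath.splitext(name)[1].lower())
            if magics is None:
                continue  # extension not in the table: nothing to compare against
            with zf.open(info) as fh:
                head = fh.read(16)
            if head.startswith(magics):
                continue  # content matches the claimed format
            directory, base = posixpath.split(name)
            companion = posixpath.join("__MACOSX", directory, "._" + base)
            findings.append({"name": name, "carries_mac_metadata": companion in names})
    return findings

if __name__ == "__main__":
    for finding in audit_zip(build_sample()):
        print(finding)
```

A flagged entry that also carries Mac metadata deserves a look at its "Open with" setting in Finder's Get Info before anyone double-clicks it.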
