Slashdot Mirror


Mac OS Auto-Execution Vulnerability

iGawyn writes "As reported in this BugTraq post, Mac OS and Mac OS X (via Classic) are both subject to an auto-execution vulnerability. In short, the poster says that various web browsers can automatically download a disk image containing malicious code and run it without ever telling the user. vm_converter made a test page to demonstrate the vulnerability." Yes, this is a nice variation on a theme. The lesson is: don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences.

2 of 20 comments

  1. How about others? by yourCat · Score: 2, Interesting

    Diskimage-auto-mounting is like QT's auto-start problem. Yes, but that isn't all. Mac OS has two other auto-starting methods, DiskCopy's script and AppleScript's folder action. How about those?

  2. I think by 90XDoubleSide · Score: 4, Interesting

    we should give Apple a little credit for removing CD-ROM autoplay in OS X (which only allows you to turn on autoplay of audio CDs and DVDs). Followed swiftly by a slap on the wrist for not removing it from the latest builds of 9 and leaving X vulnerable through Classic, of course :)

    --
    "Reality is just a convenient measure of complexity" -Alvy Ray Smith