Mac OS Auto-Execution Vulnerability
iGawyn writes "As reported in this BugTraq post, Mac OS and Mac OS X (via Classic) are both subject to an auto-execution vulnerability. In short, the poster says that various web browsers can automatically download a disk image containing malicious code and run it without ever telling the user. vm_converter made a test page to demonstrate the vulnerability." Yes, this is a nice variation on a theme. The lesson is: don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences.
Do you remember the autostart worm? It affected all Macs with auto start turned on, a LONG time ago. One of MacAddict's "The Disc" included it on it by accident as well.
This stuff has been going on forever.
I am the author of that exploit. (taiyo@vinet.or.jp)
......
# vm_converter is the documentation's author, but not the exploit's.
>Mozilla (0.9.8) seems to catch it no problem.
"All" Mozilla is NOT safe with these vulnerabilities.
When a user turns off the "Always ask before opening this type of file" checkbox, Mozilla catches these problems too.
>too bad the author didn't include a
I want Mac users to turn off these vulnerabilities by themselves (it's easy to do ;-), because when another way to trigger these vulnerabilities appears (e.g. very user-friendly archive tools that can mount a disk image from archive files), knowledge and experience of these vulnerabilities will give users the correct methods.
Thanks for your recommendation.
For years now, smart Mac users have left Audio CD and CD-ROM autoplay off, because of a variety of worms that were propagated by those methods.
There was a time back in '98 or so that just about every Zip or CD-R coming back from a service bureau was infected.
Launching arbitrary code (fooling IE into thinking an .app is a .dmg) and autostart worms can be exploited in the same manner.
Microsoft has known about this problem in OS X 10.0 for a while now (it's an IE problem in X, really, as IE is what autolaunches .DMG and .SMI images); the MacOS 10.1/IE 5.1 update supposedly alleviated the hole, FWIW.
The article is speaking about a hole running with a Classic mode browser or running truly under OS 9 -- a variation on the same theme.
If you're concerned about this:
Anyone who sends CD-Rs and Zips out and back in to their machine has no excuse for leaving autostart on, and Apple has no excuse for shipping the OS with those on by default, especially with the problems it has caused over the years.
We should give Apple a little credit for removing CD-ROM autoplay in OS X (which only allows you to turn on autoplay of audio CDs and DVDs). Followed swiftly by a slap on the wrist for not removing it from the latest builds of 9 and leaving X vulnerable through Classic, of course :)
"Reality is just a convenient measure of complexity" -Alvy Ray Smith