Slashdot Mirror


Mac OS Auto-Execution Vulnerability

iGawyn writes "As reported in this BugTraq post, Mac OS and Mac OS X (via Classic) are both subject to an auto-execution vulnerability. In short, the poster says that various web browsers can automatically download a disk image containing malicious code and run it without ever telling the user. vm_converter made a test page to demonstrate the vulnerability." Yes, this is a nice variation on a theme. The lesson is: don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences.

2 of 20 comments

  1. Re: Mozilla seems to catch it by Anonymous Coward · Score: 4, Insightful

    I am the author of that exploit (taiyo@vinet.or.jp).
    # vm_converter is the documentation's author, but not the exploit's.

    >Mozilla (0.9.8) seems to catch it no problem.
    "All" Mozilla is NOT safe with these vulnerabilities.
    When the user turns off the "Always ask before opening this type of file" checkbox, Mozilla catches these problems too.

    >too bad the author didn't include a ......
    I want Mac users to turn off these vulnerabilities by themselves (it's easy to do ;-), because when another way (e.g. very user-friendly archive tools that can mount a disk image from archive files) to make these vulnerabilities appears, knowledge and experience of these vulnerabilities will give users the correct methods.

    Thanks for your recommendation.

  2. I think by 90XDoubleSide · · Score: 4, Interesting

    we should give Apple a little credit for removing CD-ROM autoplay in OS X (which only allows you to turn on autoplay of audio CDs and DVDs). Followed swiftly by a slap on the wrist for not removing it from the latest builds of 9 and leaving X vulnerable through Classic, of course :)

    --
    "Reality is just a convenient measure of complexity" -Alvy Ray Smith