But to me it dosent really sound fare to call it an OSX error where the problem is in OS9.
Yes. "AutoStart" is the problem of QuickTime in OS 9 or Classic Environment. But, in this vuln, OS X's browsers download malicious compressed disk image in consists of their bug and OS X's Stuffit Expander extracts it and mount it. Only the execution process needs QuickTime in OS 9 or Classic. And, executed malicious programs are treated as OS X's ones finally. So, for example, you can use AppleScript to execute shell script ;
do shell script "sudo rm -rf/"
Of course, this is an extreme example.:-)
You're an UNIX guy, so you don't need Classic. But please imagine most of all Mac users needs OS 9 or Classic.
I think the lesson is not only "don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences. ", but all browser vendors must their products to be disable download without user's agreement and all Mac users is needed to think about the convenient initial settings of applications.
The excessive busybody of vendors induces vulnerabilities. It's not only Windows problem:-).
Go to your software update panel and get current -- 9.2.2 and 10.1.3 for os 9/X, respectively
This has no effect for this vuln. I tested already this vuln affects on Mac OS 9.2.2 and Mac OS X 10.1.3. It's not a matter of OS-version.
Get Stuffit Expander/Deluxe 6.5 from Aladdin [aladdinsys.com]
Stay your Stuffit Expander at 6.0 (default of Mac OS X 10.1) !! Because "Mount Disk Images" is not supported with Stuffit Expander 6.0, so this vuln doesn't affects with 6.0. If your get 6.5, you'll be affected.
Under your Quicktime control panel (OS 9) or prefpane (OS X), turn Autostart off
Get yourself a copy of Norton Antivirus for Classic or X. It's wonderful about letting you know if something is virused or if a disk image has a payload when it's being expanded.
I agree these two above, but recommend four solutions below.
Slashdot Mirror
Yes. "AutoStart" is the problem of QuickTime in OS 9 or Classic Environment. But, in this vuln, OS X's browsers download malicious compressed disk image in consists of their bug and OS X's Stuffit Expander extracts it and mount it. Only the execution process needs QuickTime in OS 9 or Classic. And, executed malicious programs are treated as OS X's ones finally. So, for example, you can use AppleScript to execute shell script ; Of course, this is an extreme example.
You're an UNIX guy, so you don't need Classic. But please imagine most of all Mac users needs OS 9 or Classic.
I think the lesson is not only "don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences. ", but all browser vendors must their products to be disable download without user's agreement and all Mac users is needed to think about the convenient initial settings of applications.
The excessive busybody of vendors induces vulnerabilities. It's not only Windows problem
- Go to your software update panel and get current -- 9.2.2 and 10.1.3 for os 9/X, respectively
This has no effect for this vuln. I tested already this vuln affects on Mac OS 9.2.2 and Mac OS X 10.1.3. It's not a matter of OS-version.- Get Stuffit Expander/Deluxe 6.5 from Aladdin [aladdinsys.com]
Stay your Stuffit Expander at 6.0 (default of Mac OS X 10.1) !! Because "Mount Disk Images" is not supported with Stuffit Expander 6.0, so this vuln doesn't affects with 6.0. If your get 6.5, you'll be affected.- Under your Quicktime control panel (OS 9) or prefpane (OS X), turn Autostart off
- Get yourself a copy of Norton Antivirus for Classic or X. It's wonderful about letting you know if something is virused or if a disk image has a payload when it's being expanded.
I agree these two above, but recommend four solutions below.vm_converter
(if you're concerned, read more detailed English document)