RealTime IT News

Zero Day Exploit Hits Apple's OS X

Apple Mac OS X users may be at risk from an "extremely critical" vulnerability that remains unpatched.

The apparent zero-day exploit comes on the heels of recent reports that Apple Mac users are now being targeted by worm writers.

Danish security firm Secunia has rated the new flaw "extremely critical."

The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles file association metadata found in ZIP archives. Arbitrary commands could potentially be executed automatically via Apple's Safari web browser from a malicious site.

As of press time, Apple had not issued a patch or an advisory for the issue on its security update site. Just last week, Apple updated OS X to version 10.4.5.

Though there isn't a formal patch, there is a simple way to avoid infection. Secunia advises that Mac users disable the "Open safe files after downloading" option in Safari.

Secunia has also posted a link that lets users test whether they are at risk from the vulnerability.

The new security vulnerability comes as OS X is facing its first worms. CME-4, also known as Leap.A, appeared last week, spreading over Apple's iChat instant messaging system.

Security vendors including Symantec and Sophos reported over the weekend the discovery of the OSX.Inqtana.A worm, which takes advantage of vulnerabilities in Apple's Bluetooth implementation.

"Viruses emerging for the Mac OS X platform is headline news for Apple fans, but they are currently posing far from the level of threat that Windows users face every day," said Graham Cluley, senior technology consultant for Sophos, in a statement.

"No one should panic, but this is an indication that hackers are showing an increased interest in targeting the platform."