Apple Mac OS X users may be at risk from an “extremely critical”
vulnerability that remains unpatched.
The apparent zero-day exploit comes
on the heels of recent reports that Apple Mac users are now
being targeted by worm writers.
Danish security firm Secunia has rated the new flaw “extremely critical.”
The vulnerability is allegedly caused by a flaw in how OS X 10.4.5 handles
file association metadata found in ZIP archives. Arbitrary commands could
potentially be executed automatically via Apple’s Safari web browser from a
malicious site.
As of press time, Apple had not issued a patch or an advisory for the issue
on its security update site. Just last week, Apple updated OS X to version 10.4.5.
Though there isn’t a formal patch, there is a simple way to avoid infection.
Secunia advises that Mac users disable the “Open safe files after
downloading” option in Safari.
Secunia has also posted a link that users can follow to test whether they are at risk from the vulnerability.
The new security vulnerability comes as OS X is facing its first worms.
CME-4, also known as Leap.A, appeared last week, spreading over Apple’s iChat instant messaging system.
Security vendors including Symantec and Sophos reported over the weekend the
discovery of OSX.Inqtana.A worm, which takes advantage of vulnerabilities in
Apple’s Bluetooth implementation.
“Viruses emerging for the Mac OS X platform is headline news for Apple fans,
but they are currently posing far from the level of threat that Windows
users face every day,” said Graham Cluley, senior technology consultant for
Sophos, in a statement.
“No one should panic, but this is an indication that
hackers are showing an increased interest in targeting the platform.”