
05-20-2004, 02:42 PM
Administrator
Quote:
Mac Hole Has Users, Hackers Abuzz
Because of the way OS X handles certain protocols, a machine can be commanded through a Web link to run applications, scripts or Unix commands.
Though no victims have stepped forward yet, nefarious uses of the exploit are potentially unlimited.
Experts warn machines could easily be hijacked to erase hard drives, spread viruses and spam, and report bank account numbers and passwords.
Apple said it is aware of the exploit and is investigating.
"We take security very seriously at Apple and we are actively investigating this potential security issue," the company said in a statement.
The security hole first gained attention Tuesday after Secunia, a Danish security company, issued a security advisory.
By Wednesday, Secunia upgraded its advisory to its highest rating because of an outburst of scripts and applications designed to exploit the hole.
"The rating has been upgraded to Extremely Critical because the issues are very easy to exploit and a large number of working exploits are available," notes the company's site.
"A lot of people have been developing AppleScripts to utilize this," said Nicholas Raba, president of SecureMac.com.
"People are going, 'Hey, what can I do with this?'"
Raba said the security hole could allow crackers to install backdoors or key loggers (to spy on bank accounts and corporate logins) that would run completely unknown to the user.
"This is the first major security exploit in OS X that I know of."
The exploit appears to affect all versions of OS X and all browsers, including Safari, Internet Explorer and Mozilla, among others, according to various Net reports.
When either protocol is invoked by a Web link, browsers launch the Help Viewer program or automatically mount a disk image.
A good example can be found here: Richard Bronosky's script (Mac OS X systems only) invokes Unix's "du" command, which harmlessly reports the contents of a hard drive in the Terminal Window.
LixelPixel, a Web designer who lives near Munich but asked not to be identified, said he warned Apple of the vulnerability through its Bug Reporter system.