Contribute  :  Calendar  :  Advanced Search  :  Site Statistics  :  Directory  :  Files to download  :  Links for developers  :  Privacy policy  :  Web Resources  :  Polls  
    MacOSX Guru Site Information, tips and tricks, FAQ for Mac OS X developers    
 Welcome to MacOSX Guru Site
 Saturday, November 17 2018 @ 06:51 AM UTC

Mac OS X "__MACOSX" ZIP Archive Shell Script Execution

ANNA new alert has emerged regarding the possible security hole using social engineering and automatic opening of file by Safari to execute undesirable code on your Mac… read more here

While people start posting message in various web forums regarding this problem (with more or less pertinent remarks), let's analyze the possible solutions.
As many have said, disabling the automatic opening of "safe" files in Safari is the first step to make your Mac more secure.
But is that enough ?
Sure it is not, because if social engineering has made you download the file, it can make you open it later, even by mistake…
A better solution would be:
1. a tool (daemon) watching for files with inconsistancy between the content, the extension and the executable bit.
2. a safer replacement for the open command supplied by Apple.

A .mov file containg ASCII TEXT and with the executable bit set is not OK, right ?

Take a look at our little tool (its man page here) to get an idea of what can be done in that direction…
When used on the proof of concept file referenced in the Secunia article, with the command:
chkfileext -t
echo $?
it will prints 1 meaning the file is NOT safe to be opened (-1 error, 0 OK, 1 not safed == identified pattern of malware…)
To make it the basis of a open replacement, work has still to be done to support URL parameters as open does, but it's a first step…

What's Related

Story Options

Mac OS X "__MACOSX" ZIP Archive Shell Script Execution | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2018 MacOSX Guru Site
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.05 seconds