Mac OS X Comes Under Fire From Hackers

Mac users who thought they didn't have to deal with the security headaches of their Windows counterparts should think again. Macintosh security tools developer Intego announced Friday that it has identified a "critical" vulnerability in the Mac OS X desktop operating system.

Long considered a more secure desktop OS, primarily because it lacked the breadth of Windows and thus was less of a target, OS X has recently come under increasing fire from hackers. Last week, security experts reported two new Mac-focused viruses, one that targets Apple chat users and another that exploits a flaw in Apple's Bluetooth software.

This new problem is a Mac OS X metadata exploit. Intego released a statement explaining that "compressed archives can contain resource forks and HFS metadata stored in an invisible '__MACOSX' folder. Data contained in these resource forks and HFS metadata can mask the real type of a file in the archive, causing shell scripts to execute if users double-click such files."

Intego advises Safari users who have not turned off auto-execution of "safe" files will download the malicious Zip archive, which will then execute. Even if this option is turned off, the Zip archive will download, and a user may double-click it to decompress it, then double-click its contents, causing the file to execute.

Intego also uncovered an additional exploit in which a malicious user can hack a Web site and add a script to a page that generates a Zip archive containing executable code. A user merely needs to visit a Web page to trigger it: The script actually creates the Zip archive; the file itself does not need to be on the hacked server or any other server, meaning that users may go to a Web site where they expect to download legitimate files such as zipped graphics, video or other applications and end up with a potentially dangerous executable.

The company suggests that Safari users uncheck the option Open "safe" files after downloading, found in Safari's General preferences, and Intego also offers VirusBarrier X and X4 solutions that provide protection from this type of file.

In related news, earlier this week, Symantec Security Response confirmed the new vulnerability in the Macintosh OS X version 10.4, rating it as high severity. Symantec also is counseling users to turn off the "Open safe files after downloading option" in their Safari browsers and watch for further information from Apple. The most up-to-date information from the company can be found at http://docs.info.apple.com/article.html?artnum=108009.