Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Exploit for Safari Hole Raises Risk for Mac Users



 By: Paul F. Roberts
2006-02-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The security hole in the Safari browser can be exploited by files downloaded directly from a Web page and without any user interaction.

Software code that can exploit a hole in Apples Safari Web browser was added to a popular hacking tool on Feb. 22, raising the risks of attack for Apple Mac users.

So-called "shell code" that takes advantage of a security flaw in Safaris "safe file" feature was added to the Metasploit framework on Feb. 22 and a copy of the script was posted on FrSIRT.com, a software vulnerability and exploit Web site.

Apple did not immediately respond to a request for comment. On Feb. 21, the company said that it takes security very seriously and was working on a fix for the Safari vulnerability.

Resource Library:
The hole was first reported on Feb. 20 after security researcher Michael Lehn, a graduate student at the University of Ulm, in southern Germany, documented a problem with Safaris handling of shell commands.

The security hole could be exploited by files that were downloaded directly from a Web page and without any user interaction.

New Safari flaw, worms turn spotlight on Apple security. Click here to read more.

Lehn discovered the hole in a feature called Open Safe Files, which allows files such as ZIP archives and movie files to be opened and viewed automatically.

Safari will run specially modified shell script files that are stored in ZIP archives without prompting the user first. That would enable attackers to enclose a series of malicious commands in a shell script that would then be run automatically by Safari when the ZIP archive was downloaded from a Web site or opened as an e-mail attachment.

The code posted on Feb. 22 creates a new Metasploit module for the Safari exploit. It is a slight modification of "proof of concept" code written by Lehn, with minor modifications to make the exploit harder for IDS (intrusion detection system) software to detect, said Johannes Ullrich of the SANS Internet Storm Center.

Malicious hackers could set up a Web page, and then use Metasploit to trigger the Safari hole on the systems of Mac users who visited the site, he said.

Anti-virus software and vulnerability tracking companies said the Safari hole is very severe or "critical" for users of Apple systems running Mac OS X.

However, the hole does not affect the more than 90 percent of computer users running non-Mac systems.

Symantec advised Safari users to turn off the "Open safe files after downloading" feature on the Web browser and review an Apple document on safely handling files downloaded from the Internet. For more information on downloading files in Safari, click here.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Exploit for Safari Hole Raises Risk for Mac Users
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}v㶲sVQfEW-mtϜHHbL$e['YS7]hɗsNWBP(#I"nZΈ]sfS;q;O Z%Tw>; Ƶ(ˑԫ1mSHnwݶFN-gP'^> \?g3Q;Y|lYG|ݑ|YCXw:QtA3Mu֟CԿ($fҀ 8#/yy̧ u"˭#Uֶg5^q3ܙcgtZEؘ* =y7uLazH&5\O, ErؗYͼ@eȆ}sҾVUBXW{]rLη-gvo*syÝ1j럿tϕi^.s$Qw;7ܖuT[WnG.:Ac'H|A7" DT)Jj\(NDCajhZ^HuFFI/jj/4E; KHR S$XICF/XTUGb9j5z'򓩥yk^]^Mk]H>߈ecby 1=b Jw"=ZWӓKIKN;Wu")|vg5M0\̱8֪׷V׏`CK'^C&󁭡_68.?IN±,N/g90omYn^H.ޕ|T|Y|ěy30si2)߆I&w[ AVtBmT7o`H2 &4 .ͬZp-@lo K(H)5?&9gMil&XJp7є6`I˪2TI0%mQa:]R$y3DDȭ g/3/r.#}th8yWҽTws iغt09;>]-7+De,,ɺ s5-wfz;\gT?m6z'{ٹvS6>4A*NP'}2=jZIm;Ni|Q}ѦޡR?[iH'0i+wGݺzNӰ=Uԇ5D%h-DCwM0Ieg!@uKLΝ݀2&C?FtE@>X^0G`^@8)ppyY?0g>o߽5#z[-[X6x G͙A RN\Qo@' dQJ ds4.'P(AH 9 \99 ŊPޑvZ*&RPJnOq$#J"ڹ&,S,ЂW-Kᗄtfh(L=?j1!UG,D`v9r,L.Y O6JԍybQ9Դr>Ҥ79ZK9ܺyfm,@D%\EwT'tt?;\ f7!q<-%st0L=fX4К3=SA\^XPaN-]6O(tsb9`[ƘDWjP~@-Q;lz:OE<* ,qriyd:*<\yOӏOS ۀ}Q>T5I5);m97y_*MMEc7˅L4 +׬UPL g<)*[hs< ):[ȭOr1r@yOS*rH1g0dz[Oq=7Rt'ZC+>q^i.;[Lg˺z+fYX]۽/ 7RiO4 m {246@0ٖk_Xt jQWt0:T em:bZGJG!1~h/a2(> `5}sö VOU gC-tX)Z%a5sV@6d@7h`L DolVCax9ZzSt~g0]|:0T#}0 t1N(L>Fװ HZU{)u&Hx#e\6V,'Urqҝa|ia=m. ;ECK_0ͧW&v=&9Je!6C{e!O1]PZ`!?RP$G q/#Y /9m0ܡk]6bDugNPt>-Dږ3 G5uH8[̈́AE- 88qz??uPVF< [Kg>Zfm`+|\qgI оGhʰeXh`ZzuG6$sD(Mܥh&\3atS3m4`Hڸ/|P"58h|<> B KG"Z``EkǖYCǖbTۄІ|P*i9~Ò?DBRcK=ܴ>?CU^ٯVw"JPVblxcC+jrXT+ 7;|f~~{ J c1*|}G{ѷZpYkJo/>m^R39X>8ujN0fdAc>eLZj9AB;=R)hᮭ\pR "Yyp dEN\tCy!+pDZQO,ߘ_c)>(` |ѲIPё1[D ;@nUESUGK+^V< OQ#lzx `QtEa:Ji7YZX>bRjELRG ?cqiM)D pj@FMS؇Qcm/ kRٯTҞNj"X쵿9KCbRX h^;p 'w ԪO6 h)XS!bW hĞe~kՆ'ay6cIۛp|9|l33ONQMG9F T,[5^-093+ZH]'tNd_&&F}G ϣGjZ)1,09D|6uKl?g`&`p1\APB7ll*b*r1=_?K] [L4@V1'`O)n<0{L3wB>6 iok`$dmh~Y+->Q#2!n`OR-O8n6=R.R =cxSe}{c25w/UUNSF;:&ߐ@hO ]k8Ṩbv}b;_I|SeȃV)+i+TX񋰷 ?+ZTHU}dEӑ?^n!Vɕf/&I\XS(.>CUX)TԒ?IXᐋIA#G"ZAX_xL5AKfl!/`.P(c/hDmR.)+na/ ~ewm> Q?PG }ʔ[ā1W?f4$ڎbVpDc? h)렙tS6ndU:*ijARO“pӁ9tGFl~"tDơh2)dnQ==׵!YӀ,+(|ݙ}adJ䦳T.jZl[)Uʹwc"m4a!`0Xޫ=bxHP?l]Z.+~d9CT`|"@-a'd8'l{H '?wLaV*c7~.RH$ |BJ D;}ZPf&3 991u/x۾ ת%&l}* N=$QtW%|w:O;=n>3>&(=~f?<zaAfY/ЏWK?H iuq倔 Z~pxq"ڍM~61|˾NIMw $(XpOճ"qrҺ ]whg^py- @@W:^-WZKǝ?wH[M)^s)z2W#N8o}8`IN*axٸ O8>n6<԰6MFkdS4 H[3 BX:W'+N,8;XKR! }&>CmP6õhٮ;+^+[Ě_f·߅B!|J'<؇APC{ z P)'$ 'yst$;-38Ǟw=Ih!腘:Uaҏ"(BR.IHOUxv<\58Ql67>#FE'~i X x4~K0FGgqk'9#$ubS`Յ{ϛs; 0i!Qo =%E:W@dl&u"J M5"v=O?qu#1ݻaTwރd e~=m0첰uC%<0OL)dJHS'C8 z>SB&T5˓$-I^O Eqj ieʒ~(i'1ۡX#ҡԛ^6.6G8 (OLkrisy/eNx?IАZ#=p>~ℜ0n3|o5e'3 C7+o۝t9niamơ85J}~l'It2DjySa{wȪ̙S.ۉ~g#S^q:-< &jo臥4/MZ,d9oa}4؞qnbLd<J;noݍn T Of!!%FJ-cm !ဟк õcV#Ǵ p8|#؈fχGɎ?7e{cA|3 e\1Kp/WϦ7_C !]94y˭0L L ܻ'Vxe[bv[0| ttb9J[~vːuՓZ1M`JQٗwRy3<Յ&3DcĢhYS Tǽ'bJ_bAchEURr &WLΩnb;Ƽ"\Efv-a+OLiv[,#lN=4L>Đd~9˩h5UJ?/tcԐX(z1Kی!5aK=0Ƥ1LT`$A}@cDwD &oaH̫][+n@i=I)X2-`ue"<.Tzw6lS,xMP 7ZY#}Y-HXl=&yNH=(}gIhO,'5~/n!YuY AsR]n!VYMh4Ƅ Tc@g+qkNcuL$5PЇv+Gl+fT; ‚A2 n$Syۤ&6xgXi<%W}ޮ8&BD* '40?9P=K5i;n7- dԺ6C&> ?j-N PW,$wV-)j o*rg 2D@#Pܳ)RVڔ0+'Lik9x[m}ǜ(Ա%w(WTTm6EXoED4AX$l&Hzcz)"}i%MAuʲ?vo|k|PJx*A\}}}}ך+Ow_"^W}=Z&ե2̹褾xwA='ci_dT1~<I$ S«:R8Sݶ^A# 0{)"׉& *wABdf  oH*OŢb֋iJ@k:E q*<BRy>hϧ۸2GE_Y i]ܬv"> 9!}(vA@BXZW|Ѱ7k}Ӛ_۹f7U A(@sB e"mD͟|[~5s#hMjn TRKR̎P ';c>#n?b1EKl@.h S]L=},D7tyϽcDh갺Xoo[a0_V&gB8AXJrXD Ň>} "K&5@FPxAiLz^z1lsq̩Tl/ZNx;WHkcΩ]ZEWWs.}KBG(zdqK2/ #|Щ>& "r\餷 GTGv-R(M#E|ZSH3r3#lzZCJOk&}av̈́󄾋7ZzڝZ<Hsc58غsyrjy_E8a6 cjNG^87 [K`65~POR.g@%[5\ 0. 6)}ZP+(%\NC; })+f_`#׍ khݓ <:q_`ci*pM[*{5y-h<#Թ2O%ccZ|,{{GǙ;fQWs37`ƩP:b)(bE7@O,,(ϏB5 v7UIu~fvK .X`SYej xpƧx}2= jwcܕiZ51 0Y:ovN*' @=PgA~.\b@Ԕ0(VIB qXR~DB(s &kHgutlCap),f,TՊR &uU}u]j)P@]y}= YV^"ӄ\I \A] / PIZ  W{}K=`fru?TsE$ݏGeչ G5¶V-r5uuN>w.?.W^~jy1 Kyl21^ 3%,C rzh728ަΈKs!Yx9K xU< /gELyx&0á^wD0/& F^ 01Yc89jvZ6ZNA/|veQVףOm k􀖣Jcr.Mo )nyBg\uN2ʡuQoens73^_~33 og Y ? a>lg'E/>A3(?(# rߋ @;dȟȗN|̠Kx2+ 2 # 埲a|2 )P~U{AuF@ugK\8=Rer z)A^d_~*%iF>gȳ+z'^˰s3ce_7ˀqҺ<$R+ ]Q%>9-{[I2}ח c|U(X2M*#(48%Y}MNJ 4tk 7b[yDYAI{R}tEI>t𞫫qLw<-cENj).~QxdB$8VɴFV ! ͉(s#h03.Ñpۿy剹?|k2xq0<@ ۓ{ pۭ⦠ϻ]O-~k0.: 7Wm}ο.nmG;yh#ֽ2b;w6 K췡\j*85ߚLYu8 % {Y&ƀY8'R?аsW3@t5^i{A|3b9 7l Hj$7 rQӊj~JR~#\!aڌ`=bxUUEVro VVK D`q9CTx|Feiګ,91C=b;hǬ[ɖ^c(wp E#У# v̚HЯ˘E͛YȌ*æȗᄽNگ!ā` }pTB P}gq =u] XI4śgܙ߷|Fz .eа!,%sv[F0 c|N]3k累,O~f+g  cUݢQGoC1<:,e` NW>M&D|&ߢ)tOu T/AD[e[0Yfqíd<@T6?rނwr$K4]$ǖt{#KzUx7/ C4t'Uuz"0~.6uƤe @ Vs{-HZ~vuVskR0F601mx#>}t~ydV/P6틷'YLAƊv3&Fdu#aqq$f~̦I ů ېݗ Qn*} - }CQ=;d܆,0 ]3K~x\ Hv<}qO,kg4Mu<7\z!_L 8$Ҵ)6HLt)?ul71ayĺ |n9{/!fIw" o~'IK-}x= 9$Id`kԃ=$>x*8]vu$$}9= zH,+oTù($rQYztXuK_Rw(%쭰F /5IN뒑Lt:v>KuonmQ}#Km4 ưz< RȸA}F$5௚Bxz^Dl, ي]9vc{[/I)H0\dz\g;vv 3R,`+/2^;' 'Wbz`#Yұ ߜP DQ[ |qCZAߎKi[zQؗE@1agG[4RVIХI񿄷zH, 7AQ^ yJ>? T@| %\6LDR}J0~NZmv09DEPީ!/[vm)fGVFp)N<}q?ڢ uK ğ?X \ cwHV&(:bzUu ѫr!9|x@ooMëmj_U`7'#~"VœA6`0CF3 ܀}lI5Ox R}r87I )6%O- `⎈Me@6iRH\*,Dlf  ΋?Z&9qgSg _((U@Dq'˫Pxml< ^|:uKW]Q'nGaJt{]Kl C>`mR>EK ]'[٧3й?-{/ e[ ] ,{ QFbFshՆG0ޏq7Pl@ xS bz Gm;qr2Mi ѨpCTؖEǮd3^mǺgymDmY>mЍ5O!ngNbk*φŀ𞭞{Ⱦ! ^f#Ss묞˓ lI12, $8jVI;;a0&iE-㨤t`C v_ʉ~ph[?҈Y>A wVǰYF!Ƨ7'TS*4.>ϭn/]2xDh^"?P/KVlw6k+Ѐ7H>Y[PE"1ԝb:(z0 s͙!wc׆)a+cPMXjcL1G律YyL 52lv* X>ˣŬ"&D0Ȯ'R:tsh;h3T*@a$R3 ˋEj Z.t3\0xqBa0SSQ2JѬd;j _yfOȅ1,#ֻĊN|]t1NEO:m[xH%D=Sw= aF']f(FRqO\|l}8(>wb3u㆗5pxq"m9EKB\4 D>VqrҺS_&ȕ/g2f#oUAޚZfMZ%Nbj~ۊ#iQf8&rYObѥ;7 P%On6%s\ɜKBS+$WY/WiQ}"' Cf'ʱ wm<lx619z*