Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity

    New Security Hole Found in OS X

    By
    Ian Betteridge
    -
    May 18, 2004
    Share
    Facebook
    Twitter
    Linkedin

      A newly discovered hole in the Mac OS X operating system that could potentially allow hackers to access a users files—and even delete them—has raised fresh doubts about the security of the platform.

      The issue revolves around two URI handlers, “help” and “disk.” The first allows any AppleScript on the users machine to be run, while the second allows users to mount a disk image automatically over a network. In theory, this allows malicious users to create a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command— including ones to remove any file in the users Home directory. The flaw works with any browser, including Safari, Internet Explorer, and Firefox.

      Apple representatives could not be reached for comment on the issue. One Mac user claimed he had alerted the company to the problem in February and has yet to receive a response. In the past, Apple has declined to offer any public comment on security holes until it has released a patch.

      The news caps six weeks that have highlighted the potential for security flaws in OS X, raising questions over its reputation for being more secure than Windows. In April, anti-virus company Intego announced it had discovered what it claimed was “the first Mac OS X Trojan Horse,” called MP3Concept. However, the company received heavy criticism from users when it was revealed that no example of the Trojan, which exploited the potential for embedding code in the ID3 tag of an MP3 music file, had been found in the wild.

      Last week, the British magazine MacWorld discovered the first genuine OS X malware, an AppleScript application disguised as a demo for Word 2004. The malware, dubbed AS.MW2004.Trojan by Intego, was a simple 108KB AppleScript that took advantage of AppleScripts ability to execute Unix applications, running a command to erase the users Home folder when opened.

      For insights on the Mac in the enterprise, check out eWEEK.com Executive Editor Matthew Rothenbergs Weblog.

      Although the newly discovered hole represents bad news for Apple users, the platform still remains relatively unexploited compared with Windows. Commenting on the earlier Word Trojan, Denis Zenkin, head of corporate communications for Russian anti-virus company Kaspersky Labs, pointed to the sheer number of exploits, both simple and complex, for Windows compared with OS X: “During 15 years of our experience of battling against viruses we have accumulated hundreds of such Trojans for Windows.”

      For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Nik Rawlinson, editor of MacUser magazine in London, said that the spate of security scares on the Mac was mostly hot air. “The Web went mad when news of the first Mac Trojan emerged and the usual pack of detractors came out to gloat,” he said. “For most of us, though, it was no surprise it turned out to be a lot of excitement over not very much at all. Mac OS X remains the most secure operating system you can buy.”

      However, Thomas Kristensen, chief technology officer of security company Secunia, of Copenhagen, Denmark, cautioned Mac users against overconfidence about the level of security on OS X compared with Windows. “All operating systems and software have flaws, and its dangerous to categorize one OS as more secure than another.”

      And, Kristensen said, the fact that Apple has concentrated on ease of use may well work against it in the security stakes. “Unless a system is built from the ground up with its focus on security, youre going to have plenty of holes. Apples focus with OS X is ease of use first and foremost.”

      Check out eWEEK.coms Macintosh Center at http://macintosh.eweek.com for the latest news, reviews and analysis about Apple in the enterprise.

      Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page

      Ian Betteridge
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×