Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Serious flaw on OS X in Apple Safari SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Serious flaw on OS X in Apple Safari
We received notice from Juergen Schmidt, editor-in-chief at, that a serious vulnerability has been found in Apple Safari on OS X.  "In its default configuration shell commands are execute[d] simply by visting a web site - no user interaction required."  This could be really bad.  Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article:
Proof of concept from the original discoverer (Michael Lehn):

The problem is due to a feature that is activated by default: Open Safe Files after downloading.  A zip file is considered safe and so they will be opened automatically.  Subsequently, a shell script with no #! at the beginning of the script will be executed automatically.  No user interaction!

Recommended action: disable the option "Open 'safe' files after downloading" in the "General" preferences section in Safari.


112 Posts
Feb 20th 2006

Sign Up for Free or Log In to start participating in the conversation!