Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Serious flaw on OS X in Apple Safari SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Serious flaw on OS X in Apple Safari
We received notice from Juergen Schmidt, editor-in-chief at, that a serious vulnerability has been found in Apple Safari on OS X.  "In its default configuration shell commands are execute[d] simply by visting a web site - no user interaction required."  This could be really bad.  Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article:
Proof of concept from the original discoverer (Michael Lehn):

The problem is due to a feature that is activated by default: Open Safe Files after downloading.  A zip file is considered safe and so they will be opened automatically.  Subsequently, a shell script with no #! at the beginning of the script will be executed automatically.  No user interaction!

Recommended action: disable the option "Open 'safe' files after downloading" in the "General" preferences section in Safari.


112 Posts

Sign Up for Free or Log In to start participating in the conversation!