« Truth vs “Truth”
The best pho in Seattle »

Security Update 2006-001 Mac OS X 10.4.5

March 2nd, 2006 by ktula

This update will fix the recent vulnerabilities in Mac OS X. I have personally tested the vulnerability i mentioned 9 days ago and security update 2006-001 appears to be working. When attempting to download the same test file provided by heise online, even with the “Open safe files after downloading” option on, Safari will prompt you with this message:

download prompt from safari for unsafe file

If you click on “Download”, Safari will download and unzip the test file. However, the responsibility now falls on you to determine if the test file is safe to open. If you attempt to open the test file (which is basically a script masqueraded as a jpg), it will open Terminal and run the script. The harmless script will run these commands:

/bin/ls -al
echo
echo
echo “heise Security: Sie sind verwundbar.”
echo
echo

Sie sind verwundbar is you are vulnerable. Of course, the same file can be scripted to cause serious damage to your system.

Related posts

  • No Related Post

0 Responses to “Security Update 2006-001 Mac OS X 10.4.5”

  1. No Comments

Leave a Response

Yes, I would like to receive notification on incoming comments!

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

« Truth vs “Truth”
The best pho in Seattle »