BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

OS X flaw may leave Macs open to virus attacks

Tags:
Security,
Mac OS X,
Bugs

David Becker CNET News

Published: 09 Apr 2004 20:25 BST

The flaw was reported by Intego, a French security firm specializing in Apple systems. The company said in a statement that it had encountered a proof-of-concept Trojan horse for OS X disguised as an MP3 music file.

"Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it," according to Intego. "But double-clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then (launches) iTunes to play the music contained in the file, to make users think that it is really an MP3 file."

Proof-of-concept bugs are typically created by security researchers to prove the existence of a software flaw. They exploit the flaw but don't do any damage. The OS X Trojan began circulating last month via a newsgroup posting.

Apple said in a statement that it was looking into the matter. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," the statement said. "While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

An Intego researcher said that exploit works by embedding a file with code written for Carbon, the OS X component that allows older programs to be updated to run natively in the new operating system. OS X's Finder application, which associates file types with appropriate applications, doesn't see the Carbon code and launches the malicious file.

A number of such spoofing exploits have surfaced for Microsoft's Windows operating systems, but Macs have been relatively safe from such exploits and other types of attacks. Apple released a security update for the latest version of OS X earlier this week.

Christophe Guillemin of ZDNet France contributed to this report

Did you find this article useful?
61 out of 129 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Bugs
Security

Mac OS X

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner