
Apple Mail Command Execution Vulnerability

This one is unpatched at this point. It was discovered by Heise Security.

From Secunia:

Description:
A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an error in the handling of unsafe file types in email attachments. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. “.jpg”) to execute arbitrary shell commands when the attachment is double-clicked.

This is related to vulnerability #8 in:
SA19064

The vulnerability is reported in Apple Mail included in Apple Mac OS X 10.5 (Leopard).

Solution:
Do not open attachments from untrusted sources.
