Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"The protection software currently popular is very specialised in what it protects from. Until a ..."
on Majority of malware attacks go undetected
by John Challinor | Aug 20, 2008 9:11 PM
 
"Cyberwar is a natural progression now that computers control the infrastructure of society and ..."
on Georgia accuses Russians of cyberwar
by John Challinor | Aug 20, 2008 8:52 PM
 
"I came across a new RHOIUM Card that safeguards payment information so that there is no private ..."
on eBay hacker posts fake credit card numbers to site's security forum
by James Buffet | Aug 19, 2008 1:18 PM
 
"I'd suggest that people just not go back to any website that puts advertising dollars ahead of ..."
on Malicious "ransomware" banner ads go undetected
by Ivan Voshe | Aug 19, 2008 12:13 PM
 
"spyware"
on Antispyware added to BitDefender Online scanner
by maryam | Aug 19, 2008 6:08 AM
Application Flaws

Mac Mail flaw resurfaces in Leopard

  • Email a Friend
  • Print Page
Mac Mail flaw resurfaces in Leopard
Related Articles
By Shaun Nichols
Nov 22, 2007 10:21 AM
Tags: "apple" | "leopard" | "mac" | "leopard | security" | "security | expert" | "mac | security" | "mac | flaw"
Heise Security said in a news posting that it had found the flaw in Apple's Mail application.

The vulnerability lies in the way Mail handles image attachments. An attacker could take executable code and rename it as a .jpg file. Mail would then run the code without the user even being aware that an application had been started.

This could allow an attacker to distribute malicious code to users disguised as an image attachment.

Heise Security said that, while the unpatched vulnerability is unique to Apple's latest operating system, it is hardly new.

Apple patched the same flaw for Leopard's predecessor, MacOS 10.4 Tiger, in early 2006. When a user attempts to open the attachment in Tiger, a warning is displayed that the file is an executable and not an image.

"Apple apparently either did not incorporate this update into Leopard, or did not do it correctly," said Heise Security.

The security firm has set up a webpage which sends the user an email to test for the vulnerability.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
Popular Tags
apple black breach data dns flaw google hat iphone languard mac malware mobility network patch risk safari scanner security updates