Last week I reported three discovered “exploits” of Apple’s Mac OS X operating system that were receiving extensive coverage in the media. Some of the headlines were quite clever. “Ever Bitten an Apple and Found a Worm?”. “Worm Turns for Apple”. You get the idea.

I also promised last week to fill you in on the third exploit, but I ran out of words. Those of you who know me well know I don’t actually ever run out of words. I ran out of space. But, I digress.

So, the third exploit reported last week was… Wait. This just in. Yesterday Apple released a Software Update to Mac OS X that “closed the hole” on the third exploit. I can confirm that the Update works because I, as a service to you, the reader, purposefully downloaded and installed the exploit to be there “first hand” to see what it did. OK, so I’m not Anderson Cooper in New Orleans. We did have a pipe that froze this week, and I am a little miffed at the lack of Federal response. But, I digress again.

Where was I? Oh, yes. The third exploit took advantage of the way Mac OS X’s web browser, Safari, handled files as they were downloaded from the internet. Remember, this was a “laboratory exercise” revealed by a security software company. Anyway, Safari has a preference you can check to allow it to automatically open a file downloaded from a web site if it deems the file to be “safe”. Safe files include movies, pictures, sounds, PDF and text documents, and program installers that Mac OS X recognizes.

The exploit came in the form of a file that carried the suffix “.jpeg” (a photo) that was in reality a script that could have been used to get the computer to do something bad. Instead of showing the supposed image in Preview, the Terminal application opened and a harmless script ran that displayed the contents of the Directory. The concern was that this script could have deleted the Directory.

Apple’s Security Update made Safari (and Mail, which allows one-click opening of attachments) more discerning as to what is “safe” to automatically open. Again, I tested the downloaded “proof of concept” files after installing the Security Update, and the hole was closed.

So do Mac users need anti-virus software right now? Will the “early bird catch the worm?” We’ll see.

© 2006 Peter F. Zimowski