Free Republic
Browse · Search
News/Activism
Topics · Post Article

Safari struck by Zip security warning (OS X security warning)
Macworld ^ | February 21, 2006 | Macworld

Posted on 02/21/2006 7:36:56 AM PST by Senator Bedfellow

A new security vulnerability in Safari has been identified by security experts at Secunia.

The company - which rates the flaw as “extremely critical” - says that the vulnerability was discovered by a source outside the company, Michael Lehn.

It can be exploited by malicious people to compromise a user's system, it warns.

The vulnerability is caused due by an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives.

“This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive,” Secunia warns.

It can also be exploited automatically by Safari when visiting a malicious website.

The company has released a test users can run to check if their systems have been affected.

The vulnerability has been confirmed on an up-to-date system running Safari 2.0.3 (417.8) and Mac OS X 10.4.5.

Users can mitigate the threat by disabling the "Open safe files after downloading" option in Safari.


TOPICS: Business/Economy; News/Current Events; Technical
KEYWORDS: apple; mac; macintosh; osx; safari; secuniaselling; security; thehorror
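A defender-side check for the archive pattern the article describes, as an added example that is not part of the original article or thread: it flags ZIP members that carry a "safe" extension but begin with a script interpreter line, and notes whether a matching `__MACOSX` metadata entry accompanies them. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption for this example: a small illustrative set of extensions a user
# would treat as harmless. It is not Safari's actual "safe files" list.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".pdf", ".mov", ".mp3", ".txt"}
APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"  # first four bytes of an AppleDouble file


def extension(name):
    """Lower-cased extension of the last path component ('' if none)."""
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def companion_path(name):
    """Where a Mac archiver stores the AppleDouble metadata for `name`."""
    parent, _, base = name.rpartition("/")
    prefix = parent + "/" if parent else ""
    return "__MACOSX/" + prefix + "._" + base


def scan_zip(data):
    """Return findings for members whose content contradicts their extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.startswith("__MACOSX/"):
                continue  # directories and the metadata entries themselves
            if extension(name) not in SAFE_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                if fh.read(2) != b"#!":
                    continue  # content does not start like a script
            meta = companion_path(name)
            has_meta = False
            if meta in names:
                with zf.open(meta) as fh:
                    has_meta = fh.read(4) == APPLEDOUBLE_MAGIC
            findings.append({
                "member": name,
                "macosx_metadata": has_meta,
                # Metadata that can override the file association is what
                # turns a mislabeled script into the case the advisory warns of.
                "severity": "high" if has_meta else "medium",
            })
    return findings


def build_sample():
    """Constructed test archive: one mislabeled script, one genuine image."""
    # Empty AppleDouble header (magic, version 2, filler, zero entries).
    stub = APPLEDOUBLE_MAGIC + b"\x00\x02\x00\x00" + b"\x00" * 16 + b"\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", stub)
        zf.writestr("photos/real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("__MACOSX/photos/._real.jpg", stub)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

A mail or web gateway could run the same check on downloaded archives before they reach a client that opens files automatically.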
To: Swordmaker
let us know if your calculator pops up. Mine didn't.

Mine did.

How do I fix this?

BigMack

41 posted on 02/21/2006 9:46:34 PM PST by PayNoAttentionManBehindCurtain (Never under estimate the power of stupid people in a large group:)

To: 1L
Largely on FR by Apple users, actually.

Most of the Apple-related posts I see are by those who bash Apple users. I don't see too many Apple zealots, if any. Certainly nothing like what's popularly attributed. Apple users have yet to have a Golden Eagle-like poster.

If you think I'm an Apple hater, you're sadly mistaken.

Never said you were. I'm just tired of seeing anti-Apple zealotry that cites nonexistent pro-Apple zealotry.
42 posted on 02/21/2006 10:40:38 PM PST by Terpfen (72-25: The Democrats mounted a failibuster!)

To: PayNoAttentionManBehindCurtain
How do I fix this?

In Safari, under the Safari menu, select Preferences. Click on the General tab and look for a check box that says "Open Safe Files after downloading" and click it to put a check in the box. Done. This was the solution two years ago when this problem was first noticed.

43 posted on 02/22/2006 12:18:37 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Terpfen
"Largely on FR by Apple users, actually."

Most of the Apple-related posts I see are by those who bash Apple users. I don't see too many Apple zealots, if any. Certainly nothing like what's popularly attributed. Apple users have yet to have a Golden Eagle-like poster.

Last year, I too thought the same... and undertook a study of several FR threads to see if I could determine the truth. My methodology and the results culled from 36 threads (18 Mac, 18 Windows) are posted below:


I have long thought that there was a distinct dichotomy between the civility of Mac users on MS threads and vice versa. This was just a casual observation that Mac users on Windows' threads, aside from comments such as "Buy a Mac" in response to problems on MS Windows computers, were generally fairly helpful and polite compared to MS Windows users on Mac oriented threads.

I decided to check and see if my casual observation was actually fact.

I did a Free Republic search for both "Windows" and "Microsoft" and read the first 18 threads I found dealing with Windows' security and OS issues. I then did a similar search for "Macintosh" and "Apple" as well as "OSX" and read the first 18 threads also dealing with Macintosh's security and OS issues.

I tabulated comments in each thread that I deemed were "invading" the thread (Mac is better than Windows in Windows threads, or Windows is better than Mac in Mac threads). I noted comments in three categories: mild, moderate, and insulting. Those which I deemed "mild" were those in which a platform advocate made reasoned commentary about their preferred platform and compared it to the subject platform. Those that commented denigrating the subject platform with ignorant or outdated mis-information, I deemed "moderate". Finally, comments attacking or denigrating the users of the subject platform, I deemed "Insulting". These judgments were subjective on my part... but I attempted to be totally fair.

The findings were eye opening.

Microsoft Windows Threads: In the 18 threads dealing with problems or OS issues of Microsoft Windows, I found 33 pro-Macintosh comments out of 944 comments in the threads. Those comments accounted for a mere 3.5% of all comments. Of those comments, 19 (2%) were of the mild "Buy a Mac" type, 14 (1.5%) were of the "Windows sucks and you should buy a Mac" category, and 1 was an outright insult to Windows users. Incidentally SIX of the 18 threads had no pro-Mac/Anti-Windows comments (although there were Windows users slamming Windows in all but one of the threads!)

Four of the 18 Windows articles mentioned Macs in the body of the article... and naturally there were more pro/anti Mac comments in those particular threads by about 3 to 1 over articles that did not mention Macs.

Interestingly, 16 of the 944 comments in the Windows threads were gratuitous slams against Macs... 1.7%... and four of them were outright insults to Mac users themselves.

Apple Macintosh OSX Threads: On the 18 Macintosh threads, which were for some reason more active than the Windows threads with 1563 comments, (the percentages were far different). In those 1563 comments, 230 (an astounding 14.7%) were pro-Windows/anti-Mac comments! Of those, 89 (5.7%) were of the mild "Windows can do the job better" or "I prefer to use Windows because there is more depth to the software" type. 112 (7.2%) were of the moderate type, repeating out-dated or mis-information about Macs as gospel truth. There were 29 (1.8%) outright insult comments attacking or denigrating Mac users as "Gay", "Liberal" or "scraggly, goateed, artsy, hippies."

Going the other way in the Mac threads, 2.4% of the comments (38) were anti-Windows. Of those, 29 (1.9%) were mild and 9 (0.6%) were moderate... and there were zero insults/attacks of Windows users. Examining these, it is apparent that most are responses to the attacks and/or mis-information pushed by the Mac thread invaders (I hesitate to use the term "Trolls"). In five of the Mac threads, comments had been deleted by FR moderators due to abuse by Mac bashing invaders... nowhere was this found on the MS Windows threads surveyed.

The evidence is in. Windows "Microsofties" are far more insulting and invasive of Mac threads than "Macmoonies" are of Windows threads.

Original thread.


In the 10 months since I did the study, I have seen only similar percentages. I have read numerous threads on other websites as well as on FreeRepublic and the percentages seem to be maintained... whether on Mac or Windows sites.
44 posted on 02/22/2006 12:41:41 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: 1L; Terpfen
No, it's that PC users are tired of mac users lying about their systems working perfectly to try and show intellectual or class superiority...

But, 1L, they are not lying. Most Mac users are reporting their experiences truthfully. It is YOUR unfounded assumption that we are lying.

You state later in this thread that you have owned Apple products in the past such as an Apple II and you now own an iPod... but do you own an OS X Mac? I doubt it. If my doubt is true, then you have very little experience with modern Macs on which to base your opinions.

I on the other hand, in addition to owning several OS X Macs, own several Windows machines running Windows from 98 through ME, 2000, XP, and XP Pro. I maintain the computers, IT security, and networks of about 35 small businesses, some of which use Macs and others that use Windows. I submit my experience on both systems is greater than yours.

Many Mac users have come from the Windows environment... and again have experience on both platforms. The same is usually not true of Windows users in general who tend to spout what they have heard from others as ignorant of Macs as themselves.

45 posted on 02/22/2006 1:07:07 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Swordmaker

LOL!

You've blinded me. With science!


46 posted on 02/22/2006 1:13:54 AM PST by Petronski (I love Cyborg!)

To: Swordmaker
Open Safe Files after downloading" and click it to put a check in the box. Done. This was the solution two years ago when this problem was first noticed.

It was already checked, now what?

BigMack

47 posted on 02/22/2006 6:17:27 AM PST by PayNoAttentionManBehindCurtain (Never under estimate the power of stupid people in a large group:)

To: Swordmaker

My calculator popped up as well and I'll follow your directions when I get home. In the meantime, if this is a two year old issue, I'm amazed we haven't been shut down by now. Good karma?


48 posted on 02/22/2006 6:58:36 AM PST by sarasota

To: Element187

No it's the invisible Rovian hand!


49 posted on 02/22/2006 7:25:34 AM PST by ghitma (Lifter)

To: Tribune7

Yep, the bad guys don't aim at Macs since there are so few of them. You didn't know that?


50 posted on 02/22/2006 7:39:41 AM PST by RS ("I took the drugs because I liked them and I found excuses to take them, so I'm not weaseling.")

To: Swordmaker

Dude, we (meaning YOU AND I) have had this discussion at least 4 times. Why you get defensive about the least little criticism of the Mac or of Apple, I will never know.

>>they are not lying<<

BS. I see Mac users all the time saying things like "I never have any trouble..." and then assert that PC users always have problems with malware. If you read Apple support forums, you will see there are many, many users with problems, some of which (e.g. kernel panics) are unheard of on PCs. You don't even know what or who I'm talking about, yet you assert I'm wrong. Incredible.

>>but do you own an OS X Mac<<

Nope. Too expensive and too slow. What? Apple products don't count if they don't run OSX? I was responding to the absolutely stupid claim (stupid because it was made without any information about me, and it was something the poster simply wanted to be true) that I was an Apple "hater." That's what I was responding to, and whether I own or have owned an OSX running product is irrelevant to that.

>> then you have very little experience with modern Macs on which to base your opinions.<<

I have used Macs extensively over the past 15 years. No, not as much as PCs running Windows and various flavors of *nix OS's, but I have used them nonetheless. Please don't make ignorant comments.

>>own several Windows machines<<

This has always been amazing to me. I can not find a Mac so-called power user who doesn't own as many Windows machines as I do. Why is that if the Mac is the holy grail?

You say it's because it's your business to support computers and more clients use PCs than Macs, but why don't you figure out why that is. It's because for them, it's more useful.

Then, you assert "I've never had a kernel panic (or whatever), so it isn't a big problem on the Mac", yet, you ignorantly claim that all PC users must by definition be hampered with malware intrusions (even though I'm not, and it's very easy and FREE not to be).

>> Many Mac users have come from the Windows environment... and again have experience on both platforms.<<

I know as many people that have switched to the Windows platform from the Mac. You can't find school districts running Macs anymore. I do think these and other organizations can significantly improve their IT performance by getting off the Windows server products onto the open source products, as I have done. But even if someone or an organization chooses to go the Mac route, that's great. I fully support using the tool you want to do the job. The thing is: it's only a tool, not something to get emotionally attached to. You can't seriously deny that Mac users aren't emotionally attached to their machines, and that is truly idiotic.

Please read through our past discussions and only respond with something new. If I've repeated something, please ignore it. I'm not interested in having this discussion with you every 6 months or so. It is amazing how you can troll every Mac thread and defend Apple against any criticism -- especially by me -- yet, you never show up on threads where I'm saying the iPod is the best music player on the market.


51 posted on 02/22/2006 8:06:08 AM PST by 1L

To: 1L; Terpfen
Dude, we (meaning YOU AND I) have had this discussion at least 4 times. Why you get defensive about the least little criticism of the Mac or of Apple, I will never know.

Yes, we have had these discussions at least 4 times... every time in Mac threads where you feel it is necessary to criticize a system you admittedly know very little about. Why you feel it is necessary to criticize Macs and their users in Mac threads I will never know.

In this thread you essentially called ALL Mac users liars. That means you called Terpfen and me liars. I challenged that. You then repeated the slur, as you have done at least four times before:

BS. I see Mac users all the time saying things like "I never have any trouble..." and then assert that PC users always have problems with malware. If you read Apple support forums, you will see there are many, many users with problems, some of which (e.g. kernel panics) are unheard of on PCs. You don't even know what or who I'm talking about, yet you assert I'm wrong. Incredible.

What part of "THEY are not lying." do you fail to understand? They have not experienced the problems. PERIOD. They are not the people who have had a problem and gone to a Mac trouble shooting forum to find an answer.

I have been using Mac OS X computers for five years and have seen maybe five kernel panics on ten or more computers. . . most of them on early versions of OS X. The same is true of the vast majority of Mac users. They are TRUTHFULLY reporting their experiences.

Many of those Mac users are also ex-Windows users and when they assert that Windows users "always have problems with malware" they are remembering their Windows experiences and the complaints they hear from the Windows using friends.

So what if you can go to Apple Support and find "many, many users" with problems. That represents a few thousand (maybe) out of 25,000,000 OS X Mac users... yet you assert that Mac OS X users who have not experienced problems are lying when they tell you that they have not experienced problems.

Nope... Apple products don't count if they don't run OSX?

No, 1L, if we're discussing Apple computers then we are talking about OS X computers... those that were shipped in the last five years... not ancient history. We could also talk about all the issues with BSOD with Windows 95 and 98... but that, too, is ancient history.

I have used Macs extensively over the past 15 years.

Only your experience with Mac OS X over the past FIVE years would have any relevance to this discussion. And I mean USED productively, not just poked at the keyboard and moved the mouse for a few minutes in a store. Otherwise, your comments are like comments about Ford products based on your experiences with an Edsel... irrelevant and completely outdated.

I can not find a Mac so-called power user who doesn't own as many Windows machines as I do.

Why should they? They are Mac power users... and have no need of Windows anymore. But, you will find more Mac users that own Windows machines than Windows users that own Macs... that's a given... but the point was that Windows users are generally ignorant about Macs... while the reverse is not as true for Mac users. My point was that many Mac users are familiar with BOTH environments... often using Windows at work, but Macs at home. Seldom is it the other way around.

You say it's because it's your business to support computers and more clients use PCs than Macs, but why don't you figure out why that is. It's because for them, it's more useful.

I have figured it out. But, 1L, sometimes the reason is purely inertia. Windows is what they were sold and Windows is what they stick with. Those clients of mine that have switched to Macs have been much happier with their computers. (And yes, there are Mac vertical solutions for many industries as well). Unfortunately for me, I don't make as much money from those accounts after they switch.

You can't seriously deny that Mac users aren't emotionally attached to their machines, and that is truly idiotic.

I don't think I have ever denied that. Mac users do get emotionally attached to the computer OS (not necessarily a specific machine, although I have run into that) because they appreciate the "Mac" experience. These Windows users are much more likely to make statements like The thing is: it's only a tool, not something to get emotionally attached to.

Maybe you should ask yourself why Windows users don't get emotionally attached to Windows. I know people who were Windows users who did NOT enjoy their time on their computers who found that computing WAS enjoyable after they switched... and became emotionally attached. Converts to Mac, like converts to almost any religion, become much more evangelistic than people who have grown up in that religion or using Macs. They want others to "see the light" and find the enjoyment.

Please read through our past discussions and only respond with something new. If I've repeated something, please ignore it. I'm not interested in having this discussion with you every 6 months or so. It is amazing how you can troll every Mac thread and defend Apple against any criticism -- especially by me -- yet, you never show up on threads where I'm saying the iPod is the best music player on the market.

1L, this is a Mac thread... you are the "troll" here, not me. I maintain the Mac Ping list on FreeRepublic. It is YOU who has nothing new to offer when you post in a Mac thread... just the same old, same old, outdated negative comments that are not based on any true experience with the OS we are discussing. You might be surprised to find that I agree with many of your comments IF we were talking about OS9 and earlier... but we are not. As to the iPod threads... I read them... and post... but I don't own an iPod, so any commentary I might make, beyond correcting a few posters who like to post outdated information about the iPod (such as "you can't replace the battery" or "The batteries cost over $100"), would be as ignorant as yours on OS X.

If you don't want me to continually correct your mis-information about Macs or discuss your ignorant opinions about an OS you don't use, then don't post mis-information or ignorant opinions in Mac threads. Certainly don't paint me and other Mac users as "liars" because you know a few Mac users who have had problems. We haven't and are therefore NOT LYING.

52 posted on 02/22/2006 11:55:18 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Senator Bedfellow
The vulnerability is caused due by an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives.

Sounds like the bug must cause typographical/grammatical errors.

53 posted on 02/22/2006 12:52:33 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)

To: Swordmaker

I'll have to respond to the rest later, but just for a few bites:

>>you feel it is necessary to criticize a system you admittedly know very little about<<

First of all, I know plenty about it. Maybe not as much as you, but I've used it through the interface and through the terminal program after spending a great deal of time setting up my BSD systems. I haven't done a great deal with things like Applescript, but I've run apps like Photoshop and music programs on there. Second, the only thing critical I said about OSX computers was that they were too expensive and too slow. That was in response to YOUR comment, not an original comment I made on this thread. You are being dishonest about what is being said if you are asserting I'm the one on here causing trouble. I never made an original statement, only one in response.

>>In this thread you essentially called ALL Mac users liars.<<

This is a lie. What was specifically stated was "mac users lying..." It was in response to the statement, "I just find it amusing that PC users are drawn to Mac threads -- to the extent that their posts frequently outnumber those of the Mac folks. Sort of like the morbid folks who watch NASCAR -- hoping for a wreck...." I was correcting the statement, and nowhere did I assert ALL mac users were liars. I know several (probably 6 or 7) mac users that agree with me almost 100% on these issues, but for one reason or another, use that platform for their work. Mostly musicians that work with Mac only studios extensively.

Why are you arguing like a liberal by making things up about what I said?

>>They have not experienced the problems. PERIOD. <<

Just like Windows users like me don't have the malware issues that Mac users always assert we do. You can't have it both ways.

Besides, my point was that there is no paradise in computing. For example, read these:

http://discussions.apple.com/thread.jspa?threadID=374520&tstart=0

and this:

http://discussions.apple.com/thread.jspa?threadID=368423&tstart=0

and this:

http://discussions.apple.com/thread.jspa?threadID=372858&tstart=15

It took me 2 minutes to find problems I've NEVER had in extensive use of multiple operating systems since 1983. Don't feed me the BS that Mac users don't have any problems and their computers work perfectly. They don't. They may not have the EXACT issues Windows has, but they have their own issues. That, along with the fact that it is not automatic that Windows users suffer from malware issues (I don't), was my only point.

I was using kernel panic as an example. You said here you've had 5 in the past few years on 10 or more computers. Since starting to use Windows NT in 1995 (2000 and XP to follow with a dizzying array of hardware configurations) in many organizations (including my own) and home (many, many more than 10 computers) I don't think I've had more than 6-8 actual crashes where I was forced to reboot the system. Maybe right at that number, and I have rebooted a number of times because I felt it would help things out. Now, what does that all mean? I'm not sure, but it doesn't support the notion that the Mac product is inherently superior.

I'll have to finish this later.


54 posted on 02/22/2006 1:12:44 PM PST by 1L

To: RS
Kind of like the vulnerability Outlook had a long while ago ...

One exception - Safari installs with this option off by default. Outlook came (and may still, I don't know and don't use it) with the option enabled. Users had to dig up the option.

55 posted on 02/22/2006 1:19:34 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)

To: Senator Bedfellow

I don't use Safari much (I prefer FireFox on both Windows and MacOSX), but just tried it - and yep, the exploit works - if I enable the open safe files option.


56 posted on 02/22/2006 1:21:10 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)

To: Swordmaker

BAD advice. You are supposed to UN-check the box. Checking it ENABLES the option.


57 posted on 02/22/2006 1:33:14 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)

To: 1L
Blinding ignorance in place of reason and logic---gotta love it. , many users with problems, some of which (e.g. kernel panics) are unheard of on PCs.

Actually fairly common on windows PCs.... just not known by the same name. Ever seen the "Blue Screen of Death"? Those unrecoverable errors that Windows is known for? That is the Windows equivalent of a Kernel panic. And in my experience - I have seen such problems FAR more in Windows machines (from 98 XP SP2). I have seen a Kernel Panic exactly twice in my experience with OSX - One was with a piece of software (actually a game) that the developer acknowledged was their own coding error. The other was from a defective stick of RAM.

58 posted on 02/22/2006 1:43:00 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)

To: TheBattman
I have seen a Kernel Panic exactly twice in my experience with OSX - One was with a piece of software (actually a game) that the developer acknowledged was their own coding error.

Errr, not to discount your report too much here, but userland software should never cause a kernel panic. There are plenty of ways to cause one, accidentally or intentionally, but the only way a *game* could cause one is if there's a hole in the OS, no matter how bad their coding is.

59 posted on 02/22/2006 2:05:49 PM PST by Senator Bedfellow

To: TheBattman
BAD advice.

OOPSie... I think I did say "check" when I meant "uncheck"... my bad. Only excuse is tiredness...

60 posted on 02/22/2006 2:53:25 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)

