17 October 2007 @ 17:47
Does Installing Leopard Put You At Risk?
I had a chance to play with a developer’s install of Leopard recently. I like some of the new features, but there are others such as Time Machine that I won’t be able to fully review until my copy of Leopard arrives on October 26.
If you read my previous article about malicious files masquerading as completely innocent JPEGs, Excel files, etc., you may have thought to yourself, “I would never fall for that!”, or “I take precautions like browsing the filesystem in Column Mode.” Unfortunately, it turns out that Leopard appears to be taking a step backward in revealing to users the true nature of their files.
You can download the proof of concept here.
As you can see from the screenshots below, Tiger identifies the malicious file as a Terminal.app Document, whereas Leopard identifies the exact same file as a JPEG image (just as the evildoer would have you believe). Even Leopard’s new Quick Look didn’t help us here. In the end, double-clicking the malicious “JPEG image” still opens the shell script in Terminal.app where it does its deed before you have a chance to stop it.
How should you protect yourself? Drag any untrusted files onto the icon of the application that you expect them to open in. Do not double-click files that you don’t fully trust.
I should also mention that if you use Apple’s Mail and/or Safari, these apps will warn you that there is an application in my sample disk image. Now, you still have to be smart enough not to open the JPEGs that don’t look like applications.
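Since the Finder's "Kind" column cannot be relied on here, one complementary check is to look at a file's leading bytes before opening it. The script below is an added example, not part of the original post or the proof of concept; the function names are hypothetical, and it assumes the suspicious file carries a `.jpg` or `.jpeg` name.

```shell
#!/bin/sh
# Added example: judge a file by its first bytes, not by its name or icon.

# Print the first N bytes of a file as lowercase hex with no separators.
head_hex() {
    od -An -tx1 -N"$2" < "$1" 2>/dev/null | tr -d ' \t\n'
}

# Classify content: real JPEG data starts with FF D8 FF,
# an executable script starts with "#!" (hex 23 21).
classify() {
    [ -f "$1" ] || { echo missing; return 0; }
    case "$(head_hex "$1" 3)" in
        ffd8ff) echo jpeg ;;
        2321*)  echo script ;;
        *)      echo other ;;
    esac
}

# Succeed unless the name claims JPEG while the content says otherwise.
name_matches_content() {
    case "$1" in
        *.jpg|*.jpeg|*.JPG|*.JPEG) [ "$(classify "$1")" = jpeg ] ;;
        *) return 0 ;;
    esac
}

# List every regular file in a directory whose JPEG name is not backed by JPEG data.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! name_matches_content "$f"; then
            printf 'MISMATCH (%s): %s\n' "$(classify "$f")" "$f"
        fi
    done
    return 0
}

# Stand-alone use: sh check.sh /Volumes/SomeDiskImage
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

This only inspects file content; it does not show which application the Finder will launch on a double-click, so a clean result is not a reason to skip the drag-onto-the-application habit.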