Intego, makers of VirusBarrier and other Mac OS X security software, on Wednesday issued an alert regarding a flaw in the way that Mac OS X v10.5 “Leopard” handles files that have been downloaded from the Internet. This affects Mail attachments, according to Intego.
The problem was identified on Tuesday by U.K.-based Heise Security, which says it’s identical to a security flaw that first came to light in Tiger Mail back in March 2006 — a security flaw that Apple actually patched in Tiger, but that has apparently reappeared in Leopard (causing Heise to refer to it as “the same old error”).
Heise says that a file downloaded from the Internet can contain a resource fork that will cause the Mac to open the file (if it’s double-clicked by a user) in Terminal, automatically executing a shell command sequence. The file is “disguised” as another type of enclosure; in Heise’s example, a JPEG image.
Apple has not yet released a security update for this issue, according to Intego. Intego has updated the virus definitions file used by its VirusBarrier X4 software to work around the issue. The definitions file is dated Nov. 21, 2007.
Editor’s note: Due to a reporting error it was originally noted that this problem affects file attachments in Mail, Safari and iChat — this only affects Mail attachments.
This story, "Leopard file download security flaw discovered" was originally published by PCWorld.