The vulnerability is caused by an error in the processing of file association metadata (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script that has been renamed to a safe file extension and stored in a ZIP archive. In other words, simply surfing to a website with a bad ZIP file on it could cause a trojan horse program to be run against your computer.
This can also be exploited automatically via the Safari browser when visiting a malicious web site.
The solution for now is to (1) make sure "Open safe files after downloading" is NOT set in Safari and do not say "Yes" to open ZIP files from unknown sites, or (2) use Firefox or Camino until this vulnerability is patched.
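For anyone who wants to check a downloaded archive before opening it, here is an added example (not part of the original post or any vendor tool) that lists ZIP members whose extension looks safe but whose content starts with a script shebang, and notes whether the archive also carries metadata for them under "__MACOSX". The safe-extension list and the `._name` companion naming used for the lookup are assumptions of this sketch, and the sample archive is constructed.

```python
import io
import posixpath
import zipfile

# Assumed list of extensions a browser might treat as "safe"; adjust to your policy.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}


def find_disguised_scripts(zip_bytes):
    """Return findings for archive members that have a 'safe' extension but
    start with a script shebang. Each finding records whether the archive
    also carries metadata for that member under __MACOSX/."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            # Skip directories and the metadata folder itself.
            if name.endswith("/") or name.startswith("__MACOSX/"):
                continue
            ext = posixpath.splitext(name)[1].lower()
            if ext not in SAFE_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if head != b"#!":
                continue
            # Assumed companion layout: __MACOSX/<dir>/._<basename>
            directory, base = posixpath.split(name)
            companion = posixpath.join("__MACOSX", directory, "._" + base)
            findings.append({"member": name, "has_macosx_metadata": companion in names})
    return findings


def build_sample_archive():
    """Constructed sample: harmless script content, placeholder metadata bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", "#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", b"placeholder metadata")
        zf.writestr("real.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("notes/run.sh", "#!/bin/sh\necho ok\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_disguised_scripts(build_sample_archive()):
        print(finding)
```

A member that is flagged with `has_macosx_metadata` set to true matches the pattern described above and should not be opened by double-clicking.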