Apple today released Security Update 2006-001 which is recommended for all users (Mac OS X 10.3.9, Mac OS X 10.4.5) and improves the security of the following components:
• apache_mod_php
• automount
• Bom
• Directory Services
• iChat: A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.
• IPSec
• LaunchServices
• LibSystem
• loginwindow
• Mail: n Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not “safe”. Certain techniques can be used to disguise the file’s type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments.
• rsync
• Safari: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the “Open `safe’ files after downloading” option is enabled in Safari’s General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9). (More fixes in linked article below.)
• Safari, LaunchServices: Impact: Viewing a malicious web site may result in arbitrary code execution. Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the “Open `safe’ files after downloading” option is enabled in Safari’s General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).
• Syndication
The Update is available via Software Update. Detailed information on this Update here.
MacDailyNews Note: For those who’ve moved their Terminal app out of /Applications/Utilities, you can put it back now after updating. 
For the Safari exploit, the safe online demonstration provided by Heise Security that you can use to determine whether your system is affected is included in the article here. (Updated systems will display a dialog stating: “‘Heise.jpg’ may contain an application. The safety of this file cannot be determined. Are you sure you want to download ‘Heise.jpg’?” Users should simply cancel the download).
Advertisements:
• Apple’s brand new iPod Hi-Fi speaker system. Home stereo. Reinvented. Available now for $349 with free shipping.
• Apple’s new Mac mini. Intel Core, up to 4 times faster. Starting at just $599. Free shipping.
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Always an exciting day when you get updates from Apple.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
This update, from the description online, appears to address the “virus”/malicious code issues of the past couple weeks. Good to see a quick response.
So much for the so called OS X “virus” threat. Took Apple less than 2 weeks to shut that lame excuse for a virus down for good…
HERE IS APPLE AT ITS BEST – viruses, worms, trojans – common let’s have ’em Sophos. I’m not buying thank you very much, Apple does a better job of protecting me than you ever could.
There are now more more written articles about Apple malware than there are users affected by it.. 99.999% of us are just fine.
Cracks me up.
That was FAST. If only Microsoft took security threats as seriously as Apple. Well done!
If Windows users could only see the computer world from our perspective.
Thank you, Apple!
Virus protection without the possibility of your Mac getting broken.
Apple 1 – 0 Sophos
Yeah, I wonder if all of buggers who wrote gleeful articles about the “virus threats” to Macs are going to update or follow up writing about how godamned fast Apple fixed the “hole.”
I also wonder if I will wake up tommorow and have a pile of money on the bedstand and the ability to fly.
I think the latter is more likely.
Right on Mike!!
Safe bet that this won’t get any media attention though. Sad.
Way to go Apple!
MW: press
How appropriate.
Amusingly, I don’t think there’s any reported case of this virus really spreading around.
Does anyone have a link to the Leap.A trojan or the other proof of concept hacks, so that I can see the new safeguards in action? I’m doing a re-install in the next few days anyway, so it’s no problem is things go wrong…
For those who’ve moved their Terminal app out of /Applications/Utilities, you can stop taking crazy pills! Why move around components on your system in response to a therotical threat that has no one has ever experienced? The day that any significant number of mac users report having issues with their machines, I will take steps to make mine as safe as possible. Until then I’m not going to assume that of the 16 million OS X users I am going to be the first one to come upon a malicious attack, and if I am, hell, that’s my name in the record books.
No one took advantage of this whole, no one was effected. Those of us who didn’t move our terminal out of the applications folder had the exact same number of problems as those who did:0.
Right on Jay, but when I said moving Terminal was nonsense, I was called rude. Really, one can only lol…
well done Apple
Hey kids! Just for kicks, let’s take a look at all the scaaaaary “vulnerabilities” this patch fixes! After all, as we know, Mac OS X has just as many vulnerabilities as Windows XP, and we silly Mac users are deluding ourselves, thinking we’re safe. Right? Right! So let’s take a look on the Apple page linked at the top:
— apache_mod_php: Uh-oh, there’s a hole in PHP! Good thing the web server is disabled by default, huh?
— automount: File servers on the local network may be able to cause Mac OS X systems to mount file systems with reserved names! Oh dear oh dear! My local network was vulnerable! This means if someone broke into my house and somehow logged onto my Mac, he could do nasty things to my iBook, as long as it was also turned on and connected! How unsafe the Mac is!
— BOM: Some nasty person could have made an archive, and when I uncompressed it, the files could have been written to a totally different directory! As long as I have write authority to that directory. So, not the system or anything. But, they could put porn in my Pictures directory! Horror!
— Directory Services: “Malicious local users may create and manipulate files as root”! Oh no! If I had any other local users, I’d be peeing my pants right now!!
— FileVault: Oops, a bug allowed files to be accesses the first time FileVault was turned on. So if a bad person was really lucky and snuck up to the keyboard while I was going to the bathroom, he could read my stuff!
Look, it goes on like that. Check out the page, you’ll see what I mean. With the exception of the two biggies, most of these “vulnerabilities” are an issue only for folks on big networks where you can’t keep track of everyone using the system. In other words, home users were unlikely ever to be affected.
So the next time the local WinTroll wants to compare security patches, remind him that not all vulnerabilities are created equal. These things aren’t like anything on the scale of the holes in Windows that allow hackers to take over your machine 5 minutes after you plug in the Internet.
Does this mean we’re invincible again?
I have a question, should I still keep the open safe files after downloading box unchecked?
I have a question, should I still keep the open safe files after downloading box unchecked?
I have a question, should I still keep the open safe files after downloading box unchecked?
I have a question, should I still keep the open safe files after downloading box unchecked?
Andy:
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
Question: Do you think all the web sites stating so smugly that “it’s over for OS X” will report the fixes?
Answer: Only if you believe in the tooth fairy.
Thx Apple! Stomped on all kinds of potential Trojans before they even got out of the gate.
Not like the Trojan before could do a darned thing anyway (it couldn’t go on the Internet only on a local network) but lets keep it that way!
” width=”19″ height=”19″ alt=”cool grin” style=”border:0;” />
Mac OS X viruses that ever did any harm. ZERO.
Mac OS X viruses that helped Apple make OS X even better–and fast!–ONE.
Andy,
Yes. Yes, we are.
We have been invincible…
We will be invincible…
We will always be invincible…
Long live the Apple!