CadCrazy
in search of myself
Fixed in Tiger in 2006, the flaw finds its way back into the newest Apple OS, according to a security firm.
A security problem in Apple Mail that got fixed in March 2006 has popped up again in Leopard, according to Heise Security. In a Nov. 20 posting, the security firm said that it had found that users can inadvertently start a potentially malicious executable by double-clicking an e-mail attachment injected with disguised code that looks like a JPEG.
The vulnerability has to do with the way in which Mac operating systems store file information, such as which program can be used to open a given file. Such additional file information, which is structured data, is stored in resource forks linked to the file, alongside unstructured data that's stored in data forks.
Apple Mail automatically analyzes resource forks that are attached through the MIME format AppleDouble—a file format Apple developed to store these dual-forked (dual, as in having both resource and data forks) files on the Unix file system used in Apple's first Unix-like operating system.
Read More
A security problem in Apple Mail that got fixed in March 2006 has popped up again in Leopard, according to Heise Security. In a Nov. 20 posting, the security firm said that it had found that users can inadvertently start a potentially malicious executable by double-clicking an e-mail attachment injected with disguised code that looks like a JPEG.
The vulnerability has to do with the way in which Mac operating systems store file information, such as which program can be used to open a given file. Such additional file information, which is structured data, is stored in resource forks linked to the file, alongside unstructured data that's stored in data forks.
Apple Mail automatically analyzes resource forks that are attached through the MIME format AppleDouble—a file format Apple developed to store these dual-forked (dual, as in having both resource and data forks) files on the Unix file system used in Apple's first Unix-like operating system.
Read More
