Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

MacOS X Vulnerabilities


Some security vulnerabilities have been discovered in MacOS X that could lead to the execution of malicious code via applications such as the Safari web browser and the Apple Mail application. These vulnerabilities could allow a system to be compromised by:

  • simply visiting a malicious web site with Safari
  • opening an attachment from an untrusted source in the Apple Mail application
  • opening a file extracted from a malicious Zip archive.

Apple has not yet released patches for these vulnerabilities. We will be sending out additional information when official patches are available.

Recommended actions:

Until Apple releases patches, we recommend that all MacOS X users take the following actions:

  1. In Safari, disable the "Open 'safe' files after downloading" option in the General preferences section. For step-by-step instructions, see: http://www.us-cert.gov/reading_room/securing_browser/#sgeneral
  2. In the Apple Mail application, do not double-click to open attachments or files extracted from Zip archives, even if they have supposedly "safe" extensions, such as .jpg or some other image format.

For additional information on these vulnerabilities:

If you have any questions or concerns regarding these vulnerabilities, please contact the SCS Help Desk, x8-4231 or send mail to help+@cs.cmu.edu.

Thank you for your attention,

SCS Help Desk
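
As an added illustration of recommended action 2 (not part of the original advisory), the Python example below lists the members of a Zip archive whose image extension does not match the leading bytes of their content, without extracting anything to disk. The function names and the sample archive are constructed for this example; a matching signature does not make a file safe to open, and the check does not detect the vulnerabilities themselves.

```python
import io
import posixpath
import zipfile

# Leading bytes ("magic numbers") that genuine files of each image type start with.
IMAGE_SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def mismatched_members(zip_bytes):
    """Return names of archive members whose image extension does not match
    the first bytes of their content. Members are read in memory only."""
    suspicious = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Zip member names always use forward slashes.
            ext = posixpath.splitext(info.filename)[1].lower()
            signatures = IMAGE_SIGNATURES.get(ext)
            if signatures is None:
                continue  # not an extension this check knows about
            with archive.open(info) as member:
                head = member.read(8)
            if not head.startswith(signatures):
                suspicious.append(info.filename)
    return suspicious


def build_sample_archive():
    """Constructed sample: a PNG header, a text file named .jpg, a .txt file."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("photos/real.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        archive.writestr("photos/holiday.jpg", b"this is text, not JPEG data\n")
        archive.writestr("notes.txt", b"plain text, extension not checked\n")
    return buffer.getvalue()


if __name__ == "__main__":
    for name in mismatched_members(build_sample_archive()):
        print("extension does not match content:", name)
```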