MacOS X Vulnerabilities
MacOS X Vulnerabilities
Some security vulnerabilities have been discovered in MacOS X that could lead to the execution of malicious code via applications such as the Safari web browser and Apple MAIL application. These vulnerabilities could allow a system to be compromised by:
- simply visiting a malicious web site with Safari
- by opening an attachment from an untrusted source in Apple MAIL application
- or by opening a file extracted from a malicious Zip archive.
Apple has not yet released patches for these vulnerabilities. We will be sending out additional information when official patches are available.
Recommended actions:
Until Apple releases patches, we recommend that all MacOS X users take the following actions:
- In Safari, disable the "Open 'safe' files after downloading" option in the General preferences section. For step-by-step instructions on how to do so please see: http://www.us-cert.gov/reading_room/securing_browser/#sgeneral
- In Apple MAIL application, do not double-click to open attachments or files extracted from Zip archives, even if they have supposed "safe" extensions, such as .jpg or some other image format.
For additional information on these vulnerabilities:
If you have any questions or concerns regarding these vulnerabilities, please contact the SCS Help Desk, x8-4231 or send mail to help+@cs.cmu.edu.
Thank you for your attention,
SCS Help Desk