Just today, it was reported on Secunia that an extremely critical OS X flaw has been discovered. The problem arises from the way OS X handles the __MACOSX folder in ZIP-compressed archives. This problem exists even in the most updated Mac system running OS X 10.4.5. All I can say right now is that you should be very careful about what archives you open. Take the vulnerability test to see if your system is prone to such exploits. Hopefully, Apple will release an update quickly, as they recently did with the 10.4.5 update after the 10.4.4 exploit. Thanks to Charles Dale for pointing me to this one.
The vulnerability is caused due to an error in the processing of file association meta data (stored in the “__MACOSX” folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive.
PaulStamatiou.com runs on the Thesis Theme for WordPress
Thesis is the search engine optimized WordPress theme of choice for serious online publishers. If you’re a blogger who doesn’t understand a lot of PHP, Thesis will give a ton of functionality without having to alter any code. For the advanced, Thesis has incredible customization possibilities via Thesis hooks.
With so many design options, you can use the template over and over and never have it look like the same site. The theme is robust and flexible enough not only to accommodate a site like PaulStamatiou.com, but also to enable the site to run far more efficiently than it ever has before.
I used the Scribe WordPress plugin and service to optimize this blog post for SEO.
{ 4 comments… read them below or add one }
I just confirmed the flaw works on an Intel Mac version 10.4.4.
Hmm, anyone have the zip? i wouldnt mind checking how all of this works
No exploit here…. running 10.4.4
But seriously, don’t you guys check the contents of your zips before you expand them? Especially if they are from unknown sources.
my firefox just asked- what should I do with this zip? so yeah, I’m safe, I think.