July 25, 2017

Safari Shell-Shocked By Scripts

Mac lovers are in a tizzy over the continued onslaught against their beloved Mac OS X. This time Safari is the victim as German website Heise reports on a security flaw in the browser. The option “Open ‘safe’ files after downloading” in Safari seems to be doing the dirty deed and the groovy thing is it’s activated by default.

Safari Trouble

Basically what happens is this. Safari has a feature that automatically opens media documents when they are deemed safe. It’ll also open up ZIP archives and show what’s in those. The feature is a convenience thing for most people and they find these types of things useful. There is a downside however. Heise describes:

Problems ensue if a shell script is stored into a ZIP archive without the so-called shebang line. If this line is omitted, Safari no longer recognizes the content as potentially dangerous and executes shell commands without a confirmation prompt. This behavior has been discovered by Michael Lehn, who has documented it on a web site.

Under normal circumstances, shell scripts begin with a “shebang line” such as “#!/bin/bash” to indicate which interpreter should handle its execution. However, Mac OS X will load scripts without a shebang line into the Terminal where it will be executed by a shell. If the user has assigned the Finder to open scripts using the Terminal, this will happen automatically.

If a script is given an extension such as “jpg” or “mov” and stored within a ZIP archive, Mac OS X will add a binary metadata file to the archive, which determines its association. This metafile instructs the operating system on another Mac to open that file with the Terminal application — regardless of its extension or the symbol displayed in the Finder. The Terminal will redirect scripts without an interpreter line directly to bash, the standard shell in OS X.

As Heise points out, the best way to deal with this problem is to turn off the “Open ‘safe’ files after downloading” function in Safari’s preferences. The user could also utilize other search engines available for Mac.
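For anyone screening downloads or mail attachments, the archive layout Heise describes can be checked before a file reaches a Mac. The following is an added example, not code from Heise, Michael Lehn or Apple; it flags ZIP entries whose media extension does not match their leading bytes and notes any accompanying metadata file. It assumes the metadata file is the AppleDouble entry that macOS archives store under `__MACOSX/`, and the function names and sample file names are made up for illustration.

```python
import io
import zipfile

MAGIC = {  # extension -> (offset, accepted leading bytes)
    "jpg": (0, (b"\xff\xd8\xff",)),
    "mov": (4, (b"ftyp", b"moov", b"mdat", b"wide", b"free", b"skip")),
}
APPLEDOUBLE = b"\x00\x05\x16\x07"  # magic number that starts an AppleDouble file


def is_text(head):
    """True for non-empty data made only of tab, LF, CR or printable ASCII."""
    return bool(head) and all(b in (9, 10, 13) or 32 <= b < 127 for b in head)


def audit_zip(data):
    """Return (entry, reason) findings for a ZIP archive passed as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            with zf.open(info) as fh:
                head = fh.read(512)
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            offset, sigs = MAGIC.get(ext, (0, ()))
            if sigs and not any(head[offset:offset + len(s)] == s for s in sigs):
                kind = "text" if is_text(head) else "unknown data"
                if kind == "text" and not head.startswith(b"#!"):
                    kind = "text without a shebang line"
                findings.append((name, f".{ext} name but content is {kind}"))
            # Assumed layout: per-file metadata sits at __MACOSX/<dir>/._<file>
            folder, _, base = name.rpartition("/")
            side = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
            if side in names and zf.read(side)[:4] == APPLEDOUBLE:
                findings.append((name, "AppleDouble metadata file " + side))
    return findings


def sample_zip():
    """Constructed sample: harmless text named .jpg, stub metadata, a JPEG header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", "echo constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", APPLEDOUBLE + b"\x00" * 22)
        zf.writestr("real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()
```

Calling `audit_zip(sample_zip())` reports two findings for `holiday.jpg` and none for `real.jpg`; the stub metadata file carries only the magic number and no association data.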

This doesn’t bode well for Mac users, as this is the third flaw pointed out in less than a week. While some critics of these discussions have suggested reasonable people would not do some of the actions required with the two viruses discovered, that is not the case with this problem. Also consider that many of the problems with Windows stem from the fact unsuspecting people opened an email or clicked on a link they shouldn’t have. Both are simple mistakes.

Critics also continue to charge this issue is “much ado about nothing” but this new case would seem to suggest otherwise. Some have even gone so far as to suggest there’s a correlation between the security companies who find these viruses and the discovery in itself. Could it be an industry creating threats for itself to fight…to keep themselves in business?

While it is possible, it seems unlikely. Regardless, these malicious codes still exist and new ones are being invented every day. Even though Mac only has a small fraction compared to the Microsoft operating system, it still doesn’t mean there’s not money to be made.

Yep, some are saying that all this fuss is over nothing. Just remember that when the G5 gets hit hard. While Macs have been hit in the past in previous operating system versions, this is perhaps a bit more overshadowing and definitely foreboding. The one problem that many zealots of Mac seem to miss is the average user.

The average user of most personal computers doesn’t follow all this stuff religiously. Unless it’s in the local newspaper or the evening news, they legitimately might not know about it. This rule applies to Macs as well. Many people might get them at home but not realize exactly what they have. While people do have some responsibility for maintaining their systems, this new shell script flaw is still a fairly significant problem that must be addressed by Apple as well.


About John Stith 459 Articles
John is a staff writer for SecurityProNews covering cyber security.