Severe Security Hole in Apple Mac Safari Web Browser


As the German IT portal heise online conveys, a new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.

Once again the Safari option “open safe” files automatically after download bears the blame. If this facility runs across a shell script that is missing the so-called Shebang-row, the system won’t ask the user whether to execute the file automatically anymore – it’ll just execute it anyways. Unfortunately you can simply rename a shellscript without a Shebang-row to known-good filetype extensions like JPG or PNG and put that renamed script into a ZIP file – zipping as well an administrative file that’ll connect that file with the shell. A target Mac then “knows” automatically how to open that file if it receives that ZIP – it’ll take it as totally normal to execute the “jpg file” with the shell.

To circumvent this issue immediately, you can exercise two countermeasures – the first one is to disable that unsafe option in Safari, the second one is to move the terminal to another place, as the connection between shellscript and terminal has a hardcoded file path to the terminal. Additionally, you should never ever work with administrator privileges – as one should be used to with windoze, this rule of thumb has the same virtues on a Mac as well

Source: 4null4.de

A rare exploit for Mac eh, it is possible to exploit, it’s not just a theory, you can find a proof of concept here:

http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html

With a Babelfish Translation.

Posted in: Apple, Web Hacking

, , , , ,


Latest Posts:


BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.
SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads


Comments are closed.