Mac users.
I've seen several "exploit in Safari, fix here" posts drifting by, and...yeah. It's worse than that. Excerpt from the SANS stuff:
Heise published another article about the MAC OS X vulnerability and,
unfortunately, it is as bad as we thought it is (even worse).
The original article is at
http://www.heise.de/english/newsticker/news/69919.
The article also says that the Mail application is vulnerable as well.
What's even worse, the attacker doesn't need to send a ZIP archive; the
shell script itself can be disguised to practically anything.
The Finder looks like the main culprit for this....
Heise published another article about the MAC OS X vulnerability and,
unfortunately, it is as bad as we thought it is (even worse).
The original article is at
http://www.heise.de/english/newsticker/news/69919.
The article also says that the Mail application is vulnerable as well.
What's even worse, the attacker doesn't need to send a ZIP archive; the
shell script itself can be disguised to practically anything.
The Finder looks like the main culprit for this....