The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted malicious users to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x server 10.4.5 |
||
apple mac os x 10.4.5 |