FYI...

- http://isc.sans.org/diary.php?storyid=1138
Last Updated: 2006-02-21 09:32:13 UTC
"...Serious vulnerability has been found in Apple Safari on OS X. "In its default configuration shell commands are execute[d] simply by visting a web site - no user interaction required." This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website...
The problem is due to a feature that is activated by default: Open Safe Files after downloading. A zip file is considered safe and so they will be opened automatically. Subsequently, a shell script with no #! at the beginning of the script will be executed automatically. No user interaction!
Recommended action: disable the option "Open 'safe' files after downloading" in the "General" preferences section in Safari.
Update:
This actually looks more serious then we initially thought it is. The workaround specified above will prevent Safari from automatically executing the PoC file, but it looks like your machine is still vulnerable and it doesn't need Safari to run this file at all..."

- http://secunia.com/advisories/18963/
Release Date: 2006-02-21
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Apple Macintosh OS X ...
Description:
...Vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system.
Solution:
The vulnerability can be mitigated by disabling the "Open safe files after downloading" option in Safari.
Do not open files in ZIP archives originating from untrusted sources..."

FYI...

- http://news.com.com/2102-1002_3-6041685.html?tag=st.util.print
Feb 21 14:59:43 PST 2006
"...(Mac) Users of alternative browsers such as Firefox and Camino on the Mac are not exposed to the Web-based attack vector.."

FYI...

- http://www.techweb.com/article/printableArticle.jhtml?articleID=180206995&site_section=700028
February 23, 2006
"...Code has been posted to the Metasploit Project site, which rolls out exploit modules for its Framework tool on a regular basis. The code targets the so-called "Safe file" flaw in Apple's Safari browser..."

FYI...

Fresh Apple Patches
- http://isc.sans.org/diary.php?storyid=1160
Last Updated: 2006-03-02 00:09:47 UTC
"Apple released a security update called "2006-001". It is claiming to update following components:
- apache_mod_php
- automount
- Bom
- Directory Services
- iChat
- IPSec
- LaunchServices
- LibSystem
- loginwindow
- Mail
- rsync
- Safari
- Syndication
For detailed information on this update, we'll refer you to apple's article 303382*. This update is very critical to install on your Mac OS X machines..."

* http://docs.info.apple.com/article.html?artnum=303382

Once again...

Apple Mac OS X security patch bundle 2006-002
- http://isc.sans.org/diary.php?storyid=1188
Last Updated: 2006-03-13 23:44:56 UTC
"Apple released some more security patches today for Mac OS X in a bundle called 2006-002*.
* CoreTypes: CVE-2006-0400
Fix for an XSS scripting vulnerability in archives by flagging the documents as unsafe.
* Mail: CVE-2006-0396
Fix for a vulnerability allowing arbitrary code execution by clicking on crafted email messages
* Safari, LaunchServices, CoreTypes: CVE-2006-0397, CVE-2006-0398, CVE-2006-0399
Additional checks on top of those in the previous update.
* Various non security rated regression fixes in a.o. apache_mod_php (still based on PHP 4.4.1, not on the latest 4.4.2) and rsync..."

* http://docs.info.apple.com/article.html?artnum=303453

.

FYI...

- http://secunia.com/advisories/19129/
Release Date: 2006-03-14
Critical: Extremely critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
OS: Apple Macintosh OS X...
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Under certain circumstances, it is possible for JavaScript to bypass the same-origin policy via specially crafted archives.
2) A boundary error in Mail can be exploited to cause a buffer overflow via a specially crafted email. This allows execution of arbitrary code on a user's system if a specially crafted attachment is double-clicked.
3) An error in Safari / LaunchServices can cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when visiting a malicious web site...
Solution:
Apply Security Update 2006-002 ( http://docs.info.apple.com/article.html?artnum=303453 ).

FYI...

Apple Updates the Update
- http://isc.sans.org/diary.php?storyid=1196
Last Updated: 2006-03-17 05:03:56 UTC
"Today, Apple release Version 1.1 of its 2006-002 patch which was released on Monday.
Read more about it here: Apple 2006-002 v1.1*
This time, Apple only lists the patched components (php, CoreTypes, LaunchServices, Mail, rsync, Safari).
The update includes all the fixes released in the initial Apple 2006-002 an -001 patch...
'Would be nice to have a few more details from Apple. For home users: Apply the patch as soon as you can. At this point, Apple does not appear to offer the patches in distinct packages, which will make testing in larger environments tricky..."

Security Update 2006-002 v1.1 Mac OS X 10.4.5 (PPC)
* http://www.apple.com/support/downloads/securityupdate2006002v11macosx1045ppc.html