I Would Never Snicker About Such a Thing

Mac addicts like to tout their chosen operating system's security superiority over those who have chosen Microsoft's product, but a report of a major security oversight in the latest release, Leopard, might just give Windows users something to snicker about. It seems the latest Apple OS has a critical flaw in its e-mail application -- a flaw that was fixed in older versions of OSX.

The flaw enables a person to attach malicious code to an e-mail attachment that looks like a simple JPEG image. When you double-click on that supposed image, the code runs and can do whatever it likes to your system, including deleting all your files (or just running something in the background to steal all your passwords). It surreptitiously uses the Unix command-line prompt that few OSX users ever see.

Older versions of Apple Mail pop-up a warning when such attachments are run, but this new one does not, leaving less-in-the-know Mac users somewhat in the cold. To see if your Mac is properly warning you about these e-mails, you can have a safe one sent to you by using the Emailcheck service at heise Security.

Tim Stevens3 Comments