Leopard Mail Called Security Risk

Mac users with Leopard installed are being warned of the resurgence of a security flaw in Apple Mail.

The flaw was earlier patched for Mac OS X 10.4 in a software update that was released last year, but has reportedly returned in the current iteration of the email application.

Heise Security reports the flaw, which could let malicious attackers disguise malicious software as benign file attachments, was left open in Apple's new OS.

"Files on a Mac can contain additional information, such how another program should be used to open them. The operating system stores these in the file system in a so-called "resource fork", which is linked to the file. This type of information is usually limited to the local system; however, for emails the MIME format AppleDouble allows resource forks to be attached - these are automatically analyzed by Apple Mail," the security researchers explain.

The original flaw was caused by limitations in the Download Validation feature that warns an email user if a message is safe to open. Researchers found that they could attach malicious code to otherwise benign files, such as JPEG's. When an file with such malicious code crafted to it was opened, the hidden code would be initiated.

"In tests performed by Heise Security, the Terminal window opened directly in most cases when the attachment to the email check test email was opened," Heise said, though test results were inconsistent - while some maliciously-coded attachments triggered a warning, others failed to do so.

Subscribe to the Tablet Tips & Trends Newsletter

Comments