Well, it’s finally happened: a nasty vulnerability in Mac OS X has been discovered. So far there are no real cases “in the wild” but that won’t last. Some reports call it a Safari weakness but that’s not it at all.
Until Apple releases an update to fix the problem, here’s what to do:
- Go into the Utilities folder (which you can find in the Applications folder).
- Rename Terminal. On my machines I just added an ‘a’ to make it Terminala.
On a related note, make sure you are applying security updates regularly:
- Open your System Preferences. (You can find it in the Apple menu if your system is not ancient.)
- Select Software Update.
- In the ‘Update Software’ tab, make sure you are checking for updates weekly or daily.
- Push the ‘Check Now’ button to go ahead and do it now.
Let’s be careful out there.
Did this post stretch your perspective? Consider subscribing!
thanks for the heads up. any possibility that whatever the vulnarability is could work around this solution by opening “Term” + * ?
Just turn off “open safe files” in Safari prefs and you’re golden.
Renaming the terminal (or moving it, as has also been suggested) can screw up OS updates unless you rename it back or move it back before applying the update.
Nathan: No, that’s OK.
Evan: Even turning off “open safe files” is a good step, but the unsuspecting will still get nailed if they open the zip file, then open the document (which looks legit unless you do Get Info). This thing can be emailed.
You are quite right about setting Terminala back before doing updates. I’ll note that when the fix comes out.
Another threat for Mac users
This threat isn’t really a big deal. The only thing such a script can do is act on behalf of the logged on user and change files the user has access to anyway. And this does not include global system configuration or other users data. Of course this un…
Jon,
It was not immediately clear to me whether this was only a problem with the new CoreDuo machines or with the G4s and G5s. I think it is a problem that is built into the Intel chip structure, is it not?
Jim: The demo of the problem worked fine on my PowerBook G4.
“4. Push the ‘Check Now’ button to go ahead and do it now.”
NOW NOW NOW!
Oh wait, I don’t have a mac.. :/
So tell me one thing. I was researching the Mac virus thing for an Internet security discussion in the class I am taking, so I went to the Apple website and could not find a single mention of it. Why is that? Is it just that since I don’t have OS X I just don’t know where to look, or do they make it deliberately hard to find?
OK, time to finish the process: