Serious Mac OS X Leopard Quarantine Bug
Posted on by Peter James
Mac OS X 10.5, Leopard, provides a “quarantine” system that alerts users when they attempt to open applications that arrived via Mail, Safari or iChat, or that came in disk images via these programs. It also alerts users the first time they launch any other application they have installed or manually added to their Applications folder. This system should inform users of all cases when such executable files are being opened, but a bug in the quarantine system can allow users to launch attachments, which may be malicious, from Mail.
Until this bug is corrected in Mac OS X 10.5, Mac users are at risk of receiving maliciously crafted files, pretending to be image files, which could delete all of a user’s files, or may contain Trojan horses. It is important that users do not open attachments from unknown senders, especially those that come with spam messages.
Intego VirusBarrier X4 with its virus definitions dated November 21, 2007 protects against this problem. Since this bug allows maliciously crafted files to execute with a single click from Mail, users are advised to check for new virus definitions regularly, with NetUpdate, to make sure that they are protected against any new exploits that may arrive.
For full information about this bug, see this Intego Security Alert.