Updated May 24, 2004
According to Apple, Mac OS X Panther "offers breakthroughs in innovation, ease of use and reliability". Apparently, these breakthroughs are also providing fertile ground for malware. Since its release in October 2003, Panther has been found vulnerable to several possible exploits. The first involves executing code via the ID3 tag rendered when an MP3 file is opened in Finder. The proof of concept Trojan demonstrating this vulnerability has been dubbed MP3Concept by antivirus vendors. A second Trojan was discovered spreading on the P2P filesharing networks LimeWire and Gnutella and involved a fake Word 2004 demo that erases the user's Home folder. Three vulnerabilities involving the URI Handler have been rated Extremely Critical by security consultants Secunia, all of which allow for arbitrary code to be executed on the system remotely. Apple has provided patches for two of the URI handler vulnerabilities:
The third URI Handler flaw, the Mac OS X Volume URI Handler Registration Code Execution Vulnerability, remains unpatched as of May 24, 2004. For a list of available OS X patches, visit the Apple Support Downloads site.
To help mitigate the risk of attack from the URI registration flaw, Secunia recommends unchecking the "Open safe files after downloading" option and adding a protocol helper application for 'disk' and 'disks', as well as changing the protocol helper for certain URI handlers, including ftp, afp, cifs, file, ftps, nfs, smb, and ssh.
The URI Handler flaws and the MP3Concept and Word 2004 demo Trojans are not the only weaknesses in the OS X platform. Secunia has issued over thirty advisories concerning Mac OS X vulnerabilities.