http://www.newsbytes.com/news/01/171468.html By Steven Bonisteel, Newsbytes REDMOND, WASHINGTON, U.S.A., 24 Oct 2001, 11:40 AM CST Some users of the Apple Macintosh OS X operating system and Microsoft's Internet Explorer browser are being warned that downloading certain kinds of files could open a security hole in their systems. Redmond, Wash.-based Microsoft announced in a security bulletin Tuesday that the combination of OS X and version 5.1 - and possibly earlier versions - of its IE browser allows executable programs encoded as BinHex and MacBinary files to run automatically after being downloaded. The vulnerability could allow a hacker to deliver a malicious program to unsuspecting users who download the file from an Internet server. The MacBinary format is designed to permit the resource and data forks associated with many Macintosh files to be transmitted via modem or network links in a single package. BinHex allows binary files to be encoded as plain-text files suitable for transfer by e-mail. Applications for Apple's operating systems are frequently served up using Web and FTP (file transfer protocol) servers employing a combination of both formats. Microsoft said users can easily disable the execution of programs downloaded in those formats by changing settings within the IE browser that would disable the automatic decoding of BinHex and MacBinary files. However, it said, automatic decoding is currently the default setting. The company said the problem may also exist in versions of the Explorer browser prior to 5.1, but, since earlier versions of the browser for Mac OS X are not supported by Microsoft, they were not tested. More information and a patch to fix the problem can be found here: http://www.microsoft.com/technet/security/bulletin/ms01-053.asp - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 07:47:30 PDT