[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 22 February 2006, 12:17 GMT
More security problems bite Apple
Apple store, AP
Security flaws in Apple software could leave users vulnerable
Experts have uncovered a serious security hole in the way Apple software handles downloaded files.

The flaw could give malicious attackers a back door into Mac computers if users visit carefully crafted websites and download booby-trapped files.

Although no attackers were known to be exploiting the bug, experts said it was easy to write code to take advantage of the flaw.

Separately, three concept viruses for Apple computers have been discovered.

Virus outbreak

"This could be really bad," said a warning about the vulnerability by the widely-respected Internet Storm Center.

The discovery of the bug opens up Apple users to so-called "drive-by downloads" that plague users of the Window operating system and are used by makers of adware and spyware to install their software on victims' PCs.

Discovered by University of Ulm student Michael Lehn, the loophole arises because of the way that Apple's OS X operating handles downloaded files.

Although OS X displays an icon for files based on the suffix it finds on the program being downloaded, such as .jpg, it uses different criteria to decide what to do with these files.

This makes it possible to have files look benign by labelling them as images but, behind the scenes the operating system will know it is dealing with a proper program and run it as such.

Initially the flaw was thought only to affect compressed or zipped files but the Internet Storm Center said it can be used for any file that arrives on a target machine.

So far, no net-based exploits of the bug are known to be in existence but Apple is known to be working on a fix for the flaw. The operating system can also be made secure against the loophole by changing some preferences.

Proof of concept

Also reported this week were three variants of a second virus for Apple's operating system.

The new virus is called Inqtana and its three variants try to spread via Bluetooth short-range radio technology.

The risk to users from the virus is almost non-existent because the variants are only proof-of-concept bugs and none have been released to the wild.

The reports of the flaw in OS X and the virus variants makes three security alerts for Apple in less than a week.


SEE ALSO:
Malicious worm aims to bite Apple
17 Feb 06 |  Technology
Mac security concerns answered
17 Jan 06 |  Technology
Mac users 'too smug' over security
16 Jan 06 |  Technology
Microsoft tackles security rivals
09 Feb 06 |  Technology
Countdown for Windows virus
30 Jan 06 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific