OS X flaw may leave Macs open to virus attacks

Apple Computer was investigating a reported security flaw Friday in its OS X operating system that could allow vandals to trick Macs into opening dangerous files, such as Trojan horses and viruses.

The flaw was reported by Intego, a French security firm specializing in Apple systems. The company said in a statement that it had encountered a proof-of-concept Trojan horse for OS X disguised as an MP3 music file.

"Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it," according to Intego. "But double-clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then (launches) iTunes to play the music contained in the file, to make users think that it is really an MP3 file."

Proof-of-concept bugs are typically created by security researchers to prove the existence of a software flaw. They exploit the flaw but don't do any damage. The OS X Trojan began circulating last month via a newsgroup posting.

Apple said in a statement that it was looking into the matter. "We are aware of the potential issue identified by Intego and are working proactively to investigate it," the statement said. "While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

In a bulletin released on Friday, Security software and services company Symantec verified the bug but said it posed no immediate danger. "This Trojan does not contain any malicious code," the bulletin said. "MP3Concept is a proof-of-concept Trojan and is not currently seen 'in the wild'--it is not spreading and infecting Mac users."

An Intego researcher said that exploit works by embedding a file with code written for Carbon, the OS X component that allows older programs to be updated to run natively in the new operating system. OS X's Finder application, which associates file types with appropriate applications, doesn't see the Carbon code and launches the malicious file.

A number of such spoofing exploits have surfaced for Microsoft's Windows operating systems, but Macs have been relatively safe from such exploits and other types of attacks. Apple released a security update for the latest version of OS X earlier this week.

Christophe Guillemin of ZDNet France contributed to this report.

[rwitt62]

Not a real virus

This "virus" does not even exist. Intego has known about the
vulnerability for some time but decided to keep their mouths
shut until they could announce the newest version of their anti-
virus software. Did anyone notice they announced the "proof of
concept" virus and their new software on the same day???
Norton has issued a statement that they're not issuing an update
because it the virus doesn't exist in the wild. So here we go
again. The PC press is screaming that the sky is falling down
when no real threat exists to Apple computers. It's all about
characterization. It's acceptable that Windows computers get hit
by a new virus weekly, but the second a POSSIBLE vulnerability
exists for OSX the press screams bloody murder. I guess CNET
has to protect it's advertsising revenue from Dell, Microsoft,
Intel, etc.

[dolfox]

surprisingly fair cnet article...

so i must be fair in admitting such. as opposed to cnn's front
page article full of factual holes, in which they conclude with the
old worn out (and untrue) argument that more people use
windows, therefore it is attacked more.

Not really fair

When you consider the headline says there is a flaw in Mac OSX,
it really isn't fair at all since a lot of people will not read the
article, which itself is full of misleading staements, but will just
continue on with the thought of Mac OSX having a flaw. It's not a
flaw in the OS. They'd know that if they had done some research,
or perhaps they did and are just being typical CNET and Mac
bashing as they usually do.

And the answer to 'who double clicks MP3 files isnt really valid,
the real question here is where are these infected mp3's
potentially coming from? Well, file sharing networks of course.

[cwkoller]

Who double-clicks MP3's?

Open MP3's in iTunes or Quicktime Player and there's no
problem...

not really a virus/worm or threat

It is really mostly a hoax though it could technically do harm see
here: http://www.insanely-great.com/news.php?id=3288 and
only a moron would run a music file from the finder!