Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopdard (10.5) systems.
Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data.
The AppleDouble standard is specified in RFC 1740:
A remote, unauthenticated attacker may be able to execute arbitrary commands with the permissions of the user running Apple Mail.
We are currently unaware of a practical solution to this problem.
This report was based on publicly available information provided by Heise Security.
This document was written by Ryan Giobbi.
|Date First Published:||2007-11-27|
|Date Last Updated:||2007-11-27 14:06 UTC|