A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code.
According to Apple Security Update 2008-001:
An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution.
A remote, unauthenticated attacker may be able to execute arbitrary code.
This issue was reported in Apple Security Update 2008-001. Apple credits Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:
|Date Last Updated:
|2008-02-12 18:25 UTC