There might be a Mac OS X trojan in the wild. This would be the first one as far as I know.
- jim 4-08-2004 11:30 pm

Some skepticism.
- jim 4-09-2004 12:27 am


Well, it doesn't appear to be in the wild, but a vulnerability has been discovered. It is very straightforward, and there really might not be anything to be done. The exploit, slightly simplified, involves putting an .mp3 icon onto a file that is actually an application. So the file would be something like trojan.mp3.app, but since the .app suffix is not shown in the finder - and since you can include any icon (even one that looks like a data icon like .mp3) for a file - it's hard to tell if a file that looks like an .mp3 might actually be an application.

This is an interesting problem, for sure, but not a very big security concern. The biggest reason it isn't a concern is that there isn't any vector for rapid transmission. So while this attack could happen in a targeted way - it won't spread exponentially across networks. (The exploit is in the resource fork, so it can't come through .mp3s you download from kazza, for instance.)

To protect yourself, all you have to do is *not* double click unknown .mp3s if you want to play them. Dragging and dropping onto iTunes instead of double clicking (both do the same thing) completely protects you.
- jim 4-11-2004 7:23 pm





add a comment to this page:

Your post will be captioned "posted by anonymous,"
or you may enter a guest username below:


Line breaks work. HTML tags will be stripped.