***** UPDATE*****<br><br><br>Much ado about not very much....<br>(not as bad as it could have been)<br><br>...however it was a wake-up-call <br>that pointed out a definite vulnerability that can now be patched.<br><br>MaCNN Update<br><br><br>[color:green]"...or am I a butterfly that's dreaming she's a woman?"</font color=green>
This is not as bad as it sounds but it is theoretically possible. As stated on their web page, the .mp3 has to be archived in a stuffit, binhex, or zip file. Just downloading an MP3 file from the internet will strip the resource fork and you won't get the necessary code resources.<br><br>Typically MP3's aren't archived or compressed - they don't need to be. The bigger risk is through email. But then again, there's nothing stopping you from emailing an applescript or application through the email either.<br><br>I don't think the risk increased that much. It's just a new, albeit clever, way to hide it.<br><br>
This same thing could have been similarly exploited since System 1.0. Just change a script or other malicious applications icon with that of any trusted file type. The only difference here is that the file can kind of pull double duty, but still not to a great extent. <br><br>
From Wired: OS X Trojan Horse Is a Nag <br><br><br>"They gave the impression that this is a threat, but it isn't," said Dave Schroeder, a systems engineer with the University of Wisconsin. "It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue."<br><br>
Xplain's use of MacNews, AppleCentral and AppleExpo are not affiliated with Apple, Inc. MacTech is a registered trademark of Xplain Corporation. AppleCentral, MacNews, Xplain, "The journal of Apple technology", Apple Expo, Explain It, MacDev, MacDev-1, THINK Reference, NetProfessional, MacTech Central, MacTech Domains, MacForge, and the MacTutorMan are trademarks or service marks of Xplain Corp. Sprocket is a registered trademark of eSprocket Corp. Other trademarks and copyrights appearing in this printing or software remain the property of their respective holders.
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.