Security flaws in Apple software could leave users vulnerable
Experts have uncovered a serious security bug in the way Apple software handles downloaded files.

The flaw could give malicious attackers a back door into Mac computers if users visit carefully crafted websites and download booby-trapped files.

Although no attackers were known to be exploiting the bug, experts said it was easy to write code to take advantage of the flaw.

At the same time three more viruses for Apple computers have been discovered.

Virus outbreak

"This could be really bad," said a warning about the vulnerability by the widely-respected Internet Storm Center.

The discovery of the bug opens up Apple users to so-called "drive-by downloads" that plague users of the Window operating system and are used by makers of adware and spyware to install their software on victims' PCs.

Discovered by University of Ulm student Michael Lehn, the bug arises because of the way that Apple's OSX operating handles downloaded files.

Although OSX displays an icon for files based on the suffix it finds on the program being downloaded i.e. jpg, it uses different criteria to decide what to do with these files.

This makes it possible to have files look benign by labelling them as images but, behind the scenes the operating system will know it is dealing with a proper program and run it as such.

Initially the flaw was thought only to affect compressed or zipped files but the Internet Storm Center said it can be used for any file that arrives on a target machine.

So far, no net-based exploits of the bug are known to be inexistence but Apple is known to be working on a fix for the flaw.

Also reported this week were three variants of a second virus for Apple's operating system.

The new virus is called Inqtana and its three variants try to spread via bluetooth short-range radio technology.

The risk to users from the virus is almost non-existent because the variants are only proof-of-concept bugs and none have been released to the wild.

The reports of the flaw in OSX and the virus variants makes three security alerts for Apple in less than a week.
BBC