Mac OS X vulnerable to one-two combo attack
Two flaws, when used together, could let attackers who concoct a special Web site place a file on a Mac and then run the file through a simple browser command.
The flaws could be used to create a virus that spreads through a Web link sent via e-mail messages. An attacker would have to also create a Web site with special programming.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
"Since these 'exploits' are on the rise and it's so easy to protect yourself--here you go," lixlpixel's posting said.
Apple refused to comment on the vulnerability, except to publish a release saying that such reports are taken "very seriously at Apple and we are actively investigating this potential security issue."
Apple has twice been criticized for its downplaying of security issues and its lack of response to the concerns of the security industry.
Security information service Secunia
Secunia verified the flaws in Apple's operating system by viewing malicious code using Internet Explorer for the Mac and Safari.
More about this issue can be found in the advisories section of