The "Opener" scare and keeping malicious scripts off your Mac

Over the weekend, MacInTouch and Slashdot posted information regarding a shell script dubbed "opener" that, if installed with proper authentication on a Mac OS X system, can trigger several vulnerabilities including password compromising and activity tracking. Several publications have since sounded the alarm, with headlines like "Mac users face rare virus" and "Destructive Mac virus spies on Apple users".

Fortunately, there is no immediate threat posed by this, or any other malicious shell script currently in circulation -- running the "opener" script and allowing it to do any damage requires root authentication, which must be locally entered by a Mac OS X administrator. There is currently no vector for this or any other malicious Mac OS X script, i.e. no way for the script to autonomously take hold of the system or propagate itself to other systems without express administrator permission. In other words, it is not spreading, and cannot spread without a vector that is capable of gaining root access.

That said, this security scare should remind users to take some precautionary measures that will lessen the chances of another individual gaining the ability to install and run a threatening script.

First of all, make sure to use strong passwords, and never send your administrator password in the clear, without encryption, or to an untrusted third party. Check out the utilities PassGenX or PasswordMaster if you are unfamiliar with generating strong, secure passwords.

Second, make sure to apply all of Apple's security updates up through the most recent revision. These are available through Software Update or Apple's download page. Particularly important are updates that plug secure shell (SSH) protocol vulnerabilities.

Finally, and perhaps most importantly, never provide your administrator password to an untrusted application or install routine. Make sure, when downloading applications from any source, that the author is reputable and (if possible) other users have already tested the release. Unwittingly giving arbitrary code the permission to run is perhaps the greatest current security threat for Mac OS X users.

Feedback? Late-breakers@macfixit.com.

Resources