Leopard security bug puts Mail users at risk

Hello? Anybody There?

I do hope the lack of comments to this wonderful article (at time of writing), is due to the moderator being down the pub, and not due to the fan boys (and girls, and aliens, and steve jobs) deciding to stop arguing.

/flame mode

This article amounts to saying that Apple is C$%P come on Mac Buddies, get your rubbish iPhones out and start typing abuse (well as fast as GPRS will let you anyway) otherwise your stating that Vista is the best OS there is

Oh and just to get a different argument going, I played with a Mac yesterday and whats with that little scroll nipple on the mouse? It's rubbish, the wheel is far superior

/flame mode

There that should do it.

hmmmm

The reporter reports the news, nice. The comment guy bitches about a section of people he doesn't like. Two people doing there jobs well then.

What about 10.4.11

Apples' latest update to Tiger (which has just been replaced by Leopard) has bricked loads of peoples' Macs, or slowed them significantly.

They really need to get their house in order, or this could be interpreted as a devious way to force people to upgrade....

@Anonymous Coward

I feel someone should tell you as you seem unaware -

I'm sorry mate but you comment smells like ass. (if that's at all possible)

Hey next time try throwing in a few html type tags or present your thoughts in pseudo code (examples below), your target audience will really dig that!

Enterprise Security!?

Surely this should have been filed under Bootnotes……

Hmmmmmmm

Interesting...

Wonder how this vulnerability got thru?

This is pretty serious, though thankfully only to the host machine.

10.5.1 & Mail 3.1 here.

Interesting. I expect better than this from Apple.

Tsk...Tsk...

John

Fairbanks, AK

Shock Horror

A vulnerability disguised as a jpg that doesn't warn the user it could be malicious when clicked on?

Surely that kind of thing only affects us poor windows users?

@Snot Nice

Very clever, very funny. Now explain how I remove the coffee spray from my laptop please?

@Anonymous Coward

"Oh and just to get a different argument going, I played with a Mac yesterday and whats with that little scroll nipple on the mouse? It's rubbish, the wheel is far superior"

Well I, for one, like rubbing the nipple on my mouse.

10.5.1 correctly quarantines attachments

Mac OS X 10.5.1 tags downloaded files as "quarantined". For instance, after receiving Heise's e-mail, listing the contents of my Mail Downloads folder shows:

$ ls -l@ ~/Library/Mail\ Downloads/

-rwxr-xr-x@ 1 user group 77 Nov 21 03:35 Heise.jpg

com.apple.ResourceFork 1338

com.apple.metadata:kMDItemWhereFroms 189

com.apple.quarantine 70

$

It is not difficult to automate removing the quarantine attribute, so it's worth verifying that this is not happening. On the other hand, checking for this attribute is evidently left to the command opening the file. So, for instance, Darwin's open(1) command issues a warning, but running the file via sh(1) does not.

The bottom line is that 10.5.1, at least, appears to be doing the right thing.

The sound of silence?

Various sound bites (bytes?) come to mind reading this story.

I can't get the "losing" sound from The Price Is Right out of my head.

Then there's always the dude from the Simpons saying "HAHA!"

And come on mac fanboys, we know you're just waiting to strike, so in the words of some antiquated rap "music", JUMP ON IT!

It IS quite humorous that any time there's a story about windows sucking it up, the mac fanboys are right there to say "Get a Mac", but I don't see anyone here saying "Get a PC". And while mac users would say "that's because even pc users know that the mac is still better", I would dare to suggest that it's because in general, PC users aren't fanatical whack-jobs (pun definitely intended) who feel like they have to "convert" everyone from (to?) the dark side.

Come on kids, flame on, it's oh so entertaining to read!! :)

Platformistas

I'm once again reminded why I don't usually bother with reading the comments on the Apple & Microsoft articles; any meaningful commentary is drowned by the number of technically-adept and socially-challenged folks (trolls) who don't have a spouse with whom to argue (or have forgotten about their spouse) and are looking to start an argument as a geekish form of entertainment.

Perhaps there should be a new MUD created that pits the Mac Fanchildren against the Microsoft Arials and the Torvald groupies. They'll have no weapons, they'll just stay in the dingy passages and pointless rooms arguing with one another, with both sides eventually declaring victory or suing one another for defamation in a real court.

The best part is that no actual experience with opposing platforms is required.

I think I'll go for a walk outside or make something with my hands rather

than reading the blatherings of enraged and bitter sociophobes.

Signed,

been-there, done that.

its all lies

but MacOSX has no flaws. its a perfect operating system. I like paying extra cash for nice looking hardware with an OS that limits what I can do.

Works fine here

Leopard 10.5.1 - got the test email and when I clicked on the fake attachment, Mail gave me the following information:

“Heise.jpg” may be an application. It was attached to a mail message and will be opened by Terminal. Are you sure you want to open it?

Sounds pretty comprehensively protected to me!