In association with heise online

Apple Mail

Apple Mail transports information about which program should be used to open a file (content type: multipart/appledouble;) in an additional attachment that is invisible to Mac users. Attackers can then call a shell script "image.jpg" and nonetheless have commands in the script executed. Apple took care of this security problem with an update in March 2006.

This email has a shell script attached to it that is disguised as a JPG. If your version of Apple Mail does not have the patch, it will show the icon for an image but nonetheless execute the commands contained in the attachment without further ado. This script only opens a terminal and displays the content of the current directory.

Price Insight Top 10 powered by Skinflint

  1. Samsung Galaxy S2 i9100 16GB schwarz
  2. Crucial m4 SSD 128GB
  3. Intel Core i5-2500K
  4. TeamGroup Elite DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333)
  5. Intel Core i7-2600K
  6. ASUS EAH6870 DC/2DI2S/1GD5
  7. ASRock Z68 Pro3
  8. Samsung Galaxy S Plus i9001 schwarz 8GB
  9. Samsung EcoGreen F4 2000GB
  10. Samsung Galaxy S i9000 schwarz 8GB

The H

The H open source

The H Security

The H Internet Toolkit