They mostly involve the handling of images and decompression of zip files.

He expects that they will be addressed in the next Apple security update.

A St Louis Post-Dispatch article on the flaws urges caution , “Avoid opening strange or unusual e-mail attachments, and beware of Web links embedded in unsolicited Web correspondence.”

As many people pointed out during the excitement of the last round of security flaws, this has been pretty sensible advice since, like, forever.security, exploits, zip files, mac osx, images, attachments, mail.app, apple mail Similar Posts:

• Mac Attack Snack Pack
• Toggle image and attachment display in Mail.app
• Mail.app too dangerous to use?
• OMiC: A plugin to extract winmail.dat files
• Quickly saving attachments in Mail.app

Well-done

Secunia rates the Safari vulnerability as “extremely critical”, a rating the company gives when “successful exploitation does not normally require any interaction and exploits are in the wild.” Secunia is a provider of IT-security services.

Anti-virus company Intego has analysed the Leap-A (“Oompa-Loompa”) Trojan horse. After exhaustive testing, the company reported that “the best protection against this Trojan horse and its variants is Intego VirusBarrier X4″. CEO Laurent Marteau says, “it is clear that antivirus software on a Macintosh computer is as essential as wearing a seat belt in a car”.

Medium

ZDNet Australia carries an interview with Paul Ducklin, Sophos’ Asia-Pacific head of technology. ” “There is not a clear and present danger like there is with Windows but the same risks apply”, he says.

Eric Bangeman on Ars Technica thinks that “the malware may be less destructive, more difficult to find, and less prevalent than on other platforms. But it’s there, and it’s not going to go away.”

Medium-rare

At Wired, Leander Kahney is keeping his cool: “These Mac security holes are a storm in a teacup,” he says.

The Daring Fireball puts it all in perspective. John Gruber writes: “It boils down to this: you can’t safely double-click files from untrusted sources, and you never could. This is no different today on Mac OS X 10.4 than it was a decade ago on Mac OS 8 and 9.”

Stephan Schwab is also fairly relaxed: “Of course this unwanted interference is annoying and it’s far better to let the user decide when to execute something, but it’s not a security threat of any magnitude.”Trojan horse, exploits, virus, mac OS X, security, apple, safari, scriptsSimilar Posts:

• More security flaws in Mac OSX
• Will Windows Vista be Apple’s Trojan Horse?
• Mail and Safari patched
• Image spam surge powered by Russian bot-net
• Spam tops 80% of all email