Описание
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
Ссылки
- Vendor Advisory
- Exploit
- ExploitVendor Advisory
- Third Party AdvisoryUS Government Resource
- Exploit
- Third Party AdvisoryUS Government Resource
- US Government Resource
- Vendor Advisory
- Vendor Advisory
- Exploit
- ExploitVendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Одно из
EPSS
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
EPSS
5.1 Medium
CVSS2