Intrusion PreventionApple.Mail.x-unix-mode.Mail.Attachment.Command.Execution
Description
This indicates an attempt to exploit an arbitrary command execution vulnerability in Mac OS X.
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote attackers to execute arbitrary commands. This can be done by tricking a user into downloading a "__MACOSX" folder that contains metadata (a resource fork) that invokes the terminal. The terminal automatically interprets the associated script using the "bash" shell. For example, if a ZIP file that contains a script with a safe file extension is downloaded, the script will be executed. The script commands are executed in the context of the user opening the archive file.
Affected Products
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.5
Apple Mac OS X 10.3.9
Impact
System compromise: execution of arbitrary commands.
Recommended Actions
Apple has released security advisory APPLE-SA-2006-03-01 and APPLE-SA-2006-03-13 to address this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-07-20 | 21.360 | Sig Added |
References
1| ID | 11750 |
| Created | Mar 13, 2006 |
| Updated | Apr 17, 2023 |
| Risk |
|
| CVE ID | CVE-2006-0848 |
| Exploit Prediction Score | 97.47% |
| Default Action | drop |
| Active | |
| Affected OS | MacOS |
| Affected App | Apple |