---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Apple Mail Command Execution Vulnerability SECUNIA ADVISORY ID: SA27785 VERIFY ADVISORY: http://secunia.com/advisories/27785/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of unsafe file types in email attachments. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. ".jpg") to execute arbitrary shell commands when the attachment is double-clicked. This is related to vulnerability #8 in: SA19064 The vulnerability is reported in Apple Mail included in Apple Mac OS X 10.5 (Leopard). SOLUTION: Do not open attachments from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Originally discovered in Mac OS X 10.4 and reported in Apple Mac OS X 10.5 by heise Security. ORIGINAL ADVISORY: http://www.heise-security.co.uk/news/99257 OTHER REFERENCES: SA19064: http://secunia.com/advisories/19064/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------