A flaw that had been patched for Mac OS X 10.4 has resurfaced in Apple's new operating system, Leopard. The vulnerability lies in Apple Mail and could allow malicious software to be disguised as benign attachments.
“Files on a Mac can contain additional information, such as how another program should be used to open them. The operating system stores these in the file system in a so-called ‘resource fork’, which is linked to the file. This type of information is usually limited to the local system; however, for emails the MIME format AppleDouble allows resource forks to be attached – these are automatically analyzed by Apple Mail,” Heise security researchers said.
The flaw was originally caused by the limitations of the Download Validation feature. The feature was used to tell users whether messages were safe to open. Researchers said that malicious code could be added to otherwise harmless file extensions.
Heise security researchers explained that some harmful messages failed to trigger a warning.
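
As an added illustration (not from the article or from Heise), the following Python sketch shows how a mail filter could spot the AppleDouble attachments described above and report how large a resource fork accompanies each file. The MIME types and header layout follow RFC 1740; the function names and the sample message are constructed for this example.

```python
import struct
from email import message_from_bytes, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

APPLEDOUBLE_MAGIC = 0x00051607  # magic number that opens an AppleDouble header
ENTRY_RESOURCE_FORK = 2         # entry ID of the resource fork

def resource_fork_length(header: bytes) -> int:
    """Size of the resource fork declared in an AppleDouble header, else 0."""
    if len(header) < 26:
        return 0
    magic, _version, count = struct.unpack(">II16xH", header[:26])
    if magic != APPLEDOUBLE_MAGIC:
        return 0
    for i in range(count):  # 12-byte descriptors: entry ID, offset, length
        start = 26 + 12 * i
        if start + 12 > len(header):
            break  # truncated descriptor table
        entry_id, _offset, length = struct.unpack(">III", header[start:start + 12])
        if entry_id == ENTRY_RESOURCE_FORK:
            return length
    return 0

def find_appledouble_attachments(raw: bytes) -> list:
    """Return (filename, resource_fork_bytes) per multipart/appledouble part."""
    found = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() != "multipart/appledouble":
            continue
        name, fork = None, 0
        for sub in part.iter_parts():
            if sub.get_content_type() == "application/applefile":
                fork = resource_fork_length(sub.get_payload(decode=True) or b"")
            else:
                name = sub.get_filename() or name
        found.append((name, fork))
    return found

def build_sample() -> bytes:
    """Constructed test message: photo.jpg paired with a 4-byte resource fork."""
    header = struct.pack(">II16xH", APPLEDOUBLE_MAGIC, 0x00020000, 1)
    header += struct.pack(">III", ENTRY_RESOURCE_FORK, 38, 4) + b"\x00" * 4
    pair = MIMEMultipart("appledouble")
    pair.attach(MIMEApplication(header, "applefile"))
    data = MIMEApplication(b"constructed bytes", "octet-stream")
    data.add_header("Content-Disposition", "attachment", filename="photo.jpg")
    pair.attach(data)
    return MIMEMultipart("mixed", _subparts=[pair]).as_bytes()
```

A non-zero fork size next to a file with a document or image extension is the combination a filter would hold for review, since the visible name says nothing about what the fork asks the system to do with the file.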