Wednesday, December 27, 2006

Researcher: AppleScript Great for Malware

Robert Lemos writes on SecurityFocus:

Apple's scripting language for the Mac OS X operating system is both easy to use and a powerful way to automate system tasks--two attributes that empower malicious coders as well as legitimate developers, the security researcher behind the Month of Kernel Bugs, known as "L.M.H.", stated in a blog post.

The researcher--who has also promised to deliver an Apple bug every day for a month, likely to be January--demonstrated the utility of AppleScript for writing a mass-mailing computer virus by showing how portions of the LoveLetter virus could have been written in AppleScript. The code snippets in the blog post show how to spread using e-mail, download arbitrary code and send messages to every iChat account.

The researcher gave Apple high marks for usability, but failed them on security.

More here.

0 Comments:

Post a Comment

<< Home