Leopard OS Plagued By Mail Security Flaw
Ironically, we could say that Leopard aims to prove that it's really Tiger's successor: it features the same mail security hole, which allows the execution of attached malware.
November 21, 2007
Apple's fix would make the Tiger OS to inspect the attached files and warn the user if it detected any trace of foul play on the filed clicked by the user.
Unfortunately, Heise Security has some bad news for Leopard users. Apparently, the feature failed to catch the release train, or if it indeed caught it, the ride is anything but as it should be:
“In tests performed byheiseSecurity, the Terminal window opened directly in most cases when the attachment to the Emailcheck test email was opened. In only one email this occurred the first time the attachment was opened, but subsequent double-clicks suddenly caused the expected confirmation dialogue to be displayed. The test emails are identical except for the subject line and some administrative information in the header.”
Over 2 million copies of Leopard have already been sold.