Time Machine blamed in Leopard security scare

Unless you're careful Mac OS X's Time Machine app could leave your Mac vulnerable to attack

Another flaw has been discovered in Apple's Mac OS X 10.5 Leopard operating system that could leave Mac owners open to attack from trojans and other malware.

The problem arises from use of Time Machine, Apple's easy to use automated backup system. Blogger Stephen Pyile says old versions of applications archived on to a Time Machine enabled hard drive can be triggered to launch without warning - and that's a big problem if the app has a security flaw.

"Imagine that you trash an application because of a security flaw. Say, it handles the URL type foofoo, and is proven to be a security risk. But the developer won't fix it (or hasn't fixed it yet), so you've removed the application from your hard drive to keep yourself safe.

"It doesn't work that way - you're not safe. Time machine has made a copy in your time machine backup that Mac OS X will cheerfully launch without a warning," Pyile says.

This is all the more worrying given that hackers are now targeting Mac OS X 10.5 with trojans and other malware.

Protect yourself

To protect yourself from attack, you can take two simple steps:

  1. Delete all examples of a particular backup from your Time Machine archive using the contextual menu within the applications.
  2. Hide the main Applications, Library and System folders from Time Machine so they are not backed up. You can do this under System Preferences > Time Machine > Options.

Given the beefed-up security measures used elsewhere in Leopard let's hope Apple closes this loophole soon.

[via Cult of Mac]