Microsoft recently said it would fix Windows security vulnerabilities to reduce new network-based security risks. However, security researchers said Linux/Mac OS Operating systems may have the same security risks.
Nathan McFeters, one of the security researchers who has been seriously studying this issue, said, he hopes to introduce other Unix-based operating systems such as Linux and Mac OS X at the Toorcon Hacker Conference held in Santiago this week that also have Uris (unified resource identifier) details of protocol processing program security vulnerabilities.
McFeters said in an interview that he has not found any way to run unauthorized code on Unix-based operating systems. However, he and his colleagues have also discovered many problems, which deserve further research.
McFeters and other researchers have been investigating technical issues over the past few months with the URI protocol used to start applications in Web browsers. The most famous of these Protocols may be mailto. This protocol is used to start the email client software in the browser.
However, any software developer can register their own applications with the operating system. This leads to some risk situations, as starting an application from a browser sometimes does not properly check the execution methods of these applications.
So far, hackers have found some ways to secretly add commands to a network connection using the URI protocol in some well-known application software to execute unauthorized software on the user's computer. Microsoft originally said that software developers should ensure that their software programs check such links to prevent malicious code. However, Microsoft said last week that it will also add some inspection measures in the Windows operating system.
McFeters is a security researcher at Ernst & Young worldwide. He said these protocols generally do not have to be registered and seldom take security concerns into account. Even if poorly designed URI protocol registration is not used to install unauthorized software, attackers will be given access to data and applications.
Thomas Kristensen, chief technology officer of Secunia ApS, also agrees that URI protocol processing issues may affect the views of Linux and Mac OS X operating systems. He said that it is absolutely possible for other platforms to have the same problem.