Boobytrapped images pose threat to Mac users, warns Apple

Users of Mac computers are being advised to install an important security patch, after Apple acknowledged that a serious flaw existed in its Mac OS X operating system that could be exploited by hackers.

In a security advisory posted on its website, the Cupertino-based vendor of iMac and MacBook computers warned that it had discovered that hackers could create specially crafted image files capable of running malicious code without the user’s authorisation, such as a worm or Trojan horse.

The affected image file formats include PNG, Canon RAW and OpenEXR.

To circumvent this and other security issues, Apple is recommend that users install Security Update 2009-003 – updating themselves to Mac OS X v10.5.8:

Sign up to our free newsletter.
Security news, advice, and tips.

Apple Mac security update

Owners of Mac computers would be wise to follow Apple’s advice, else put their systems at risk of infection via rigged image files created by hackers.

As described in Sophos’s recently published Security Threat Report, 2009 has seen a number of attacks against users of Apple Mac OS X. Many of these have relied upon social engineering to fool Mac owners into installing Trojan horses on their computers. There is no doubt, however, that cybercriminals would love to be able to exploit software vulnerabilities instead to make infection even easier.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.