Security Vulnerability in Safari
Charles Johnson
Thu Feb 23, 2006 at 4:11 pm PST • Views: 114
A newly identified security vulnerability in Apple’s Safari web browser can actually let a program (a shell script) execute on your computer merely by clicking a link on a malicious web site—or in the worst case, merely by visiting a malicious page.
If you’re a Safari user, the problem and the remedy are described here at macosxhints: Avoid a security vulnerability in Safari.
The fix is simple: in Safari’s Preferences (General), uncheck the box labeled ‘Open “safe” files after downloading.’ (Note that this box is checked by default.)
More technical info is here: Secunia - Advisories - Mac OS X File Association Meta Data Shell Script Execution.
Frank says: