Safari Security Hole

Just when Mac users (myself included) were claiming that the recently released Trojan was of no immediate threat, it turns out that Safari has a security flaw that allows it to automatically execute shell scripts.

Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ‘safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default. Its function is to automatically display images and movies after they are transmitted to the user’s computer, using the application assigned to that particular document format. Safari will also unpack ZIP archives and display the documents within if they are considered “safe”. If active content such as an application or shell script is found within the archive, a prompt requests user confirmation. So far, so good.

The best immediate recourse against such an attack is to deactivate the option “Open ‘safe’ files after downloading” in the “General” section of Safari’s preferences. Alternative browsers such as Camino and Firefox do not include this feature.
