Apple Mac OS flaw
Date: February 22, 2006Source: macworld.com
A preference setting in the Safari Web browser can lead to the execution of a malicious shell script, renamed to a “safe” extension in a ZIP archive, according to the security alert.
That preference allows the Mac to automatically open “safe” files after downloading them. So-called safe files include movies, pictures, sounds, PDF and text documents, disk images and other archives.
If a shell script is renamed to appear as a “safe” extension to Safari, systems that have this preference turned on can automatically execute the script — and this can be exploited by someone with malicious intentions, according to Secunia.
“Apple takes security very seriously,” said an Apple spokesman. “We’re working on a fix so that this doesn’t become something that could affect customers. Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust.”
Original article
Add comment Email to a Friend