A pple has had its share of security alerts recently, and now, Computer World of Australia is reporting that there is yet another serious security issue in Mac OS X. The vulnerability allows malicious scripts to be run just by visiting a Web site. From the article, Mac OS X hit with another serious security issue:
Lixlpixel has reported a vulnerability dealing with how basic Internet elements are addressed in the OSi help facility that allow arbitrary local scripts to be executed on a useris machine. It is also possible to place files in a known location on a system by asking users to download a ".dmg" disk image file. A default browser option in Explorer and Safari will mean a single user click is enough to drive the whole process.
The combination of the two holes, tested and confirmed by security experts Secunia, can therefore allow system access to be achieved "very simply" according to Secunia CTO Thomas Kristensen. The holes affect Safari 1.x and Explorer 5.x.
The solution is to change browser options and rename the help URI handler. More details are available on Secuniais site.
Get the full story at ComputerWorld Australiais Web site.
Itis important to note, too, that a security hole found does not mean that anyone is currently attempting to exploit that hole.