Security research firm Secunia is reporting that it has uncovered a flaw in Safari that could potentially allow someone to run a script or other application when you download a file from the Internet. The threat takes advantage of Safari's ability to open trusted files after they download.
Secunia has even gone so far as to produce a proof-of-concept for the exploit and post it on the company's Web site. If your Mac is vulnerable, the proof-of-concept will launch the Calculator application.
The exploit works by tricking Safari into thinking that the contents of a ZIP archive contain trusted, safe files. Instead, the archive holds a shell script that executes other commands on your Mac.
This potential exploit is easily defeated by disabling Safari's "open safe files" option. This step-by-step preview from tomorrow's Quick Tip shows you how:
- Launch Safari.
- Choose Safari > Preferences from the menu bar.
- Click the General button.
- Uncheck Open "safe" files after downloading.

Disable "Open Safe Files" in Safari's preferences.
Secunia's alert does not mean there is some form of malware that is taking advantage of this potential exploit. Despite the proof-of-concept exploits that were discovered last week, there are still no known viruses for the Mac circulating on the Internet.