Safari exploit can make scripts run

Security house Secunia on Tuesday document a possible exploit in Apple ’s Safari connection web web browser that the company name as “ extremely vital . ” Secunia ring the exploitMac OS X “ _ _ MACOSX ” ZIP Archive Shell Script Execution , and advises Mac users to take simple action to stave off the problem . Apple confirm it ’s work on a fix .

A preference localize in the Safari Web browser app can go to the execution of a malicious cuticle script , rename to a “ safe ” extension in a goose egg archive , according to the security alarum .

That preference allows the Mac to mechanically open up “ safe ” file after download them . So - call safe file include movies , pictures , sound , PDF and textbook documents , disc images and other archives .

If a shell script is rename to seem as a “ good ” extension to Safari , system that have this orientation turn on can automatically perform the script — and this can be exploited by someone with malicious intentions , fit in to Secunia .

“ Apple takes security measures very seriously , ” tell an Apple spokesman . “ We ’re work on a localisation so that this does n’t become something that could pretend customers . Apple always advise Mac drug user to only accept files from vendors and Web sites that they know and bank . ”

Apple has also postedsafety tipson its connection site to advise users how to hand einsteinium - post attachment and subject matter download from the cyberspace .

Secunia has develop a safe test to show you if your system is vulnerable . The exam will cause the Mac OS X “ Calculator ” app to start up after you press a link .

The resolution is to uncheck the druthers scene , “ Open ‘ safe ’ single file after downloading ” — useable from the General tabloid in Safari ’s Preferences .

Macworld’stests show that the Safari preference setting is grow on by default in a fresh installed Mac OS X v10.4.5 partition — a situation sustain by Secunia in its own rating .

This is the third documented security measures exploit on Mac OS X in late days . Last week saw the emergence of OSX / Leap - A , malware computer code designed to spread through iChat . A “ trial impression of concept ” malware called Inqtana . A was also describe — this work a flaw in Bluetooth security that Apple patch up in mid-2005 .