SANS: Serious flaw on OS X in Apple Safari


We received notice from Juergen Schmidt, editor-in-chief at heise.de, that a serious vulnerability has been found in Apple Safari on OS X. "In its default configuration shell commands are execute[d] simply by visiting a web site - no user interaction required." This could be really bad. Attackers can run shell scripts on your computer remotely when you simply visit a malicious website.

...Recommended action: disable the option "Open 'safe' files after downloading" in the "General" preferences section in Safari.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Monday, 20th February 2006 9:25PM