Browse carefully: a critical Safari vulnerability
Over at Secunia, they're reporting that the "Open 'safe' files after downloading" feature in Safari has a nasty downside: shell scripts can be executed via single clicks. They've built a test which opens Calculator and, yep, it's exploitable, in Safari 1.3 as well as 2.0.
It might be a good idea to just turn off the "safe files" download feature (in the Preferences menu) until a patch is released by Apple.
1 Comment:
At 4:12 PM, Shahid said…
Thanks. I actually had it disabled way back when the whole Dashboard widget thing happened. I had it enabled again till I just read this. Really helpful.