Feb 22 2006
In the past week the Mac web has been a-buzz with virus this and trojan that, but nothing has really got anyone that worked up. Most of us know our Macs are secure and that most of the talk has been circulated by the those who delight in any kind of bruise of the skin of Apple Computer.
Today we hear of a new threat: a security hole in the Safari web browser that, if exploited, would allow a willingly requested and downloaded malicious file to execute a shell script without any password request or interaction from the user. That’s bad. All the other malware that has been shaken at us Mac users over the past week has really been stymied by the need for the user to authorize its installation by way of entering in an administrator password. Not so with this security hole.
While I have heard nothing in the way of any actual viral exploit of this security hole, it would be wise for Safari users to exercise caution when downloading. You might consider switching to Firefox until this hole is patched or at least go into your Safari Preferences and uncheck the “Open ‘safe’ files after downloading” box in the General tab.