As you may have read, this flaw is not capable of being exploited remotely, but multiple variants of a new Trojan (dubbed “AppleScript-THT”) are floating around the internets which wreak all sorts of havoc on your system once infected. Some install keystroke logging, usurp your iSight camera to take pictures or even capturing screenshots (some do much worse).

The Washington Post has a great blog post which gives a great amount of detail on the problem and even mentions a few solutions. The quickest way (until Apple releases a patch) to protect yourself is to open up a Terminal window and enter the following text:

If that was successful, then you should not see “root” when you paste this into the Terminal window:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

SecureMac has updated MacScan to account for these new beasts and DAT updates from other vendors are forthcoming.

Until Apple releases a patch and you install it be very careful what you download and execute, both from your browser or chat clients.

If you have any questions or concerns, please drop a note in the comments and I will monitor this thread closely over the coming days to try to help as much as possible. Watch for a TAB post when Apple issues a fix.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Content Farms: The Players, The Benefits, The Risks
• Why iPad 2 Will Lead Consumers Into the Post-PC Era
• The Near-Term Evolution of Social Commerce