4null4.de is giving us an English overview of a Safari Security Hole being reported by IT Portal Heise Online.
The security hole hinges on a preference being checked. I’ve yet to figure out whether or not this option is checked in a default installation of Safari. Mine was checked.
Either way, it could be bad, very bad. Until a security fix comes along, go to the Safari Menu, Preferences …, under “General”, uncheck the checkbox that says “Open “safe” files after downloading”.
I tried their proof of concept, and sure enough, a Terminal window opened, with a message indicating i’m vulnerable.
update 2/20: English version of the original article, from the source.