Security Hole in Safari

Open Safe Files After Downloading4null4.de is giving us an English overview of a Safari Security Hole being reported by IT Portal Heise Online.

The security hole hinges on a preference being checked. I’ve yet to figure out whether or not this option is checked in a default installation of Safari. Mine was checked.

Either way, it could be bad, very bad. Until a security fix comes along, go to the Safari Menu, Preferences …, under “General”, uncheck the checkbox that says “Open “safe” files after downloading”.

I tried their proof of concept, and sure enough, a Terminal window opened, with a message indicating i’m vulnerable.

update 2/20: English version of the original article, from the source.

update 2/21: Secunia, Macworld, Slashdot are initiating coverage.

loading

Comments have been disabled for this post