Secunia uncovers Safari Web browser exploit

By Derek Sooman on February 21, 2006, 1:49 PM
Secunia has documented a possible exploit in Apple’s Safari Web browser. The company has rated the exploit as extremely critical. Known as "Mac OS X “__MACOSX” ZIP Archive Shell Script Execution", the exploit stems from a preference setting in the Safari Web browser which can lead to the execution of a malicious shell script, renamed to a "safe" extension in a ZIP archive.

That preference allows the Mac to automatically open “safe” files after downloading them. So-called safe files include movies, pictures, sounds, PDF and text documents, disk images and other archives.

If a shell script is renamed to appear as a “safe” extension to Safari, systems that have this preference turned on can automatically execute the script — and this can be exploited by someone with malicious intentions, according to Secunia.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.