The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment.
It's also possible to become compromised just by visiting a particularly crafted site with false files, making this type of exploit rival similar ones found in IE and Windows. Hopefully a patch will be made available soon, and make sure to keep your OS updated.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.