Apple yesterday released a security update that deals with multiple vulnerabilities, in particular a critical flaw in its Safari web browser. The problem in question meant that malicious hackers could rename extensions stored in ZIP archives, and could then trick users into executing malicious shell scripts.
The flaw meant malicious applications could appear as a safe file type. If Mac users had left the "Open safe files after downloading" option enabled in Safari then malware would automatically be executed as soon as a user was tricked into visiting a malicious-constructed website. Security researchers produced a proof of concept demo to validate their concerns about the critical flaw.