Over at Ars Technica, Eric Bangeman points out a Safari vulnerability worth taking note of. “The widely reported Trojan horse for Mac OS X may be a dud. However, a security flaw in Apple’s Safari browser is something to be concerned about.” It looks like Apple made the poor decision of depending on the file extension to determine how “safe” a document is to open — even if the document also has metadata making it an executable script. Tsk, tsk. Wise advice in the article: turn off the Safari option to “Open “safe” files after downloading.” Even Apple puts “safe” in quotes — that should be a hint!
This site uses Akismet to reduce spam. Learn how your comment data is processed.