Making stuff as a founder of Avocado. Former music-maker. Tuna melt advocate. Started Google Reader. (But smarter people made it great.)

Browse carefully: a critical Safari vulnerability

Over at Secunia, they're reporting that the "Open 'safe' files after downloading" feature in Safari has a nasty downside as shell scripts can be executed via single clicks.

They've built a test which opens Calculator and, yep, it's exploitable. For Safari 1.3 and well as 2.0.

It might be a good idea to just turn off the "safe files" download feature (in the Preferences menu) until a patch is released by Apple.

posted at February 21, 2006, 2:28 PM


  • At 4:12 PM, Blogger Shahid said…

    Thanks. I actually had it disabled way back when the whole Dashboard widget thing happened. I had it enabled again till I just read this. Really helpful.


Post a Comment