flaw

Apple Safari executes arbitrary shell scripts without asking you for permission

It seems Apple is having more and more severe problems lately, MacOS viruses and worms start popping up and spreading on a larger scale... Michael Lehn has now discovered that Apple Safari can be tricked into automatically downloading and executing arbitrary shell scripts.

No need to mention what harm this can cause, especially if you are stupid enough to browse the web as root (or whatever Apple calls their superuser).

The behaviour to automatically open downloaded "trusted" files in a respective application is the default in Safari, which is obviously not the brightest idea Apple ever had. This is not an Apple-only problem, though. I really wonder why so many people, be it developers or users, are willing to sacrifice security for some crappy "feature"...

(via Digg)

Syndicate content