Skip to main content
  1. Home
  2. Computing

Mac OS X Safari Browser Exploit Discovered

By

A potentially severe security flaw has been uncovered in Apple‘s Safari Web browser, which may enable attackers to execute arbitrary Unix shell scripts on a user’s machine simply by following a link on a Web site.

The exploit involves the way Mac OS X determines which program it should launch when opening files of a particular type. By renaming a Unix shell script to an extension Safari considers “safe,” omitting the script’s so-called “shebang line” (a command which specifies how the script should be executed), and compressing the script with the Zip archiving utility, Safari can be convinced to download the script, decompress it, assume the script is “safe,” then pass it off to the Mac OS X Terminal application for execution. An attacker could easily use such a script to delete a user’s home directory, damage the computer’s configuration, or obtain personal data.

Recommended Videos

Apple has yet to comment or release a patch. In the meantime, Safari users should disable the “Open ‘safe’ files after downloading” option in General pane of Safari’s preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but may be enabled by default in older systems or systems which have been upgraded to Mac OS X 10.4.5.

Related

So far, Safari is the only application known to be affected, although it is possible other programs could be vulnerable to similar attacks. The Camino and Firefox Web browsers are not vulnerable to this particular exploit.

Danish security firm Secunia has listed the flaw as “extremely critical,” and has posted a harmless sample exploit of the flaw so users can test if their systems are vulnerable. Heise Online has another demonstration of the exploit.

Users may also be able to protect themselves from the exploit by removing the Terminal application from its default location in Applications > Utilities. (However, doing so may confuse future system updaters, so users would probably have to remember to put it back before installing new software.)

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Apple just gave Mac gamers a big reason to be excited
Craig Ferguson introducing Mac Gaming at WWDC.

When Apple announced it would revolutionize the world of Mac gaming at its Worldwide Developers Conference (WWDC) in June, many people were skeptical. But the latest update to the company’s Game Porting Toolkit has made some important changes to how games run on the Mac -- and the results are impressive.

The toolkit allows developers to move their Windows games across to macOS Sonoma. Games makers can test out how well their products run on Apple’s hardware and find out what they need to do to make the jump, something that Apple says ends up “significantly reducing the total development time.”

Read more
Will my Mac get macOS 14?
MacOS Sonoma.

MacOS 14 is coming and coming soon, and thanks to Apple's big keynote address at WWDC 2023, we now know what it can do, what it's called, and who can get it. The next generation Mac operating system is codenamed Sonoma, and it's bringing gaming to macOS in a big way, as well as improving video calls, and security. It's going to be available for most modern Mac and MacBook users, but there are some legacy systems that are unfortunately being left out in the cold.

Wondering if your Mac can get macOS 14? Here's everything we know about what Macs are and aren't compatible with Sonoma.

Read more
Apple’s macOS Sonoma has a game-changing feature — literally
apple could fix mac game porting wwdc 2023 gaming 1

Apple’s Worldwide Developers Conference (WWDC) was chock-full of new announcements, and it’s fair to say that between the Vision Pro headset and all of Apple’s new Macs, macOS was far from the biggest new reveal. Yet, there was one new macOS feature that could be absolutely game-changing.

That’s because right now, Mac gaming is in a pretty bad way. Gamers don’t buy Macs because there aren’t enough good games, and developers don’t port their games to the Mac because there aren’t enough people to play them. It’s a chicken-and-egg situation caught in a death spiral.

Read more