Mac OS X Safari Browser Exploit Discovered

A potentially severe security flaw has been uncovered in Apple’s Safari Web browser, which may enable attackers to execute arbitrary Unix shell scripts on a user’s machine when the user simply follows a link on a Web site.

The exploit involves the way Mac OS X determines which program it should launch when opening files of a particular type. If a Unix shell script is renamed to an extension Safari considers “safe,” its so-called “shebang line” (a line which specifies how the script should be executed) is omitted, and the script is compressed with the Zip archiving utility, Safari can be convinced to download the script, decompress it, assume the script is “safe,” then pass it off to the Mac OS X Terminal application for execution. An attacker could easily use such a script to delete a user’s home directory, damage the computer’s configuration, or obtain personal data.
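As an added example (not part of the original article and not any vendor's tooling), this Python sketch shows a defensive check for the mismatch described above: an archive member whose “safe” extension does not match its content. The extension list, the magic-byte table, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed subset of extensions a browser might treat as "safe", mapped to
# the leading bytes a genuine file of that type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}

def is_ascii_text(data):
    """True when the sample is non-empty and contains only printable ASCII
    plus tab, newline and carriage return (i.e. it could be a script)."""
    return bool(data) and all(b in (9, 10, 13) or 32 <= b < 127 for b in data)

def suspicious_entries(zip_bytes):
    """Return names of members whose extension claims a media type but whose
    content lacks that type's signature and reads as plain text. A missing
    shebang line does not matter here: only the extension/content mismatch
    is tested."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext not in MAGIC:
                continue
            with zf.open(info) as fh:
                head = fh.read(512)
            if not head.startswith(MAGIC[ext]) and is_ascii_text(head):
                flagged.append(info.filename)
    return flagged

def build_sample():
    """Constructed archive: a genuine GIF header, a text file named .jpg,
    and a text file with an honest extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("real.gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
        zf.writestr("holiday.jpg", b"echo constructed sample, no shebang line\n")
        zf.writestr("notes.txt", b"plain text with an honest extension\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(suspicious_entries(build_sample()))
```

A check like this can run on a mail or download gateway before an archive reaches a client that auto-opens “safe” files.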

Apple has yet to comment or release a patch. In the meantime, Safari users should disable the “Open ‘safe’ files after downloading” option in the General pane of Safari’s preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but may be enabled by default in older systems or systems which have been upgraded to Mac OS X 10.4.5.

So far, Safari is the only application known to be affected, although it is possible other programs could be vulnerable to similar attacks. The Camino and Firefox Web browsers are not vulnerable to this particular exploit.

Danish security firm Secunia has listed the flaw as “extremely critical,” and has posted a harmless sample exploit of the flaw so users can test if their systems are vulnerable. Heise Online has another demonstration of the exploit.

Users may also be able to protect themselves from the exploit by removing the Terminal application from its default location in Applications > Utilities. (However, doing so may confuse future system updaters, so users would probably have to remember to put it back before installing new software.)
