Skip to main content
  1. Home
  2. Computing

Mac OS X Safari Browser Exploit Discovered

Geoff Duncan
By

A potentially severe security flaw has been uncovered in Apple‘s Safari Web browser, which may enable attackers to execute arbitrary Unix shell scripts on a user’s machine simply by following a link on a Web site.

The exploit involves the way Mac OS X determines which program it should launch when opening files of a particular type. By renaming a Unix shell script to an extension Safari considers “safe,” omitting the script’s so-called “shebang line” (a command which specifies how the script should be executed), and compressing the script with the Zip archiving utility, Safari can be convinced to download the script, decompress it, assume the script is “safe,” then pass it off to the Mac OS X Terminal application for execution. An attacker could easily use such a script to delete a user’s home directory, damage the computer’s configuration, or obtain personal data.

Recommended Videos

Apple has yet to comment or release a patch. In the meantime, Safari users should disable the “Open ‘safe’ files after downloading” option in General pane of Safari’s preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but may be enabled by default in older systems or systems which have been upgraded to Mac OS X 10.4.5.

Related

So far, Safari is the only application known to be affected, although it is possible other programs could be vulnerable to similar attacks. The Camino and Firefox Web browsers are not vulnerable to this particular exploit.

Danish security firm Secunia has listed the flaw as “extremely critical,” and has posted a harmless sample exploit of the flaw so users can test if their systems are vulnerable. Heise Online has another demonstration of the exploit.

Users may also be able to protect themselves from the exploit by removing the Terminal application from its default location in Applications > Utilities. (However, doing so may confuse future system updaters, so users would probably have to remember to put it back before installing new software.)

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
How to take a screenshot on a Mac
The keyboard and trackpad of the MacBook Pro 14-inch.

For most new Mac users -- especially if they're coming from Windows -- one of the first questions they need to ask is how to take a screenshot on a Mac? There's no dedicated Print Screen key like there is on Windows, but there is keyboard shortcut, and if you want something more akin to Microsoft's Windows Snipping tool, there are some great screenshot apps you can use, too.

Here's how to take a screenshot on a Mac in a few different ways.
How to take a screenshot using keyboard shortcuts
MacOS keyboard shortcuts are the quickest ways to take screenshots, whether you're capturing the entire screen or just a portion. By default, Apple's methods save your screenshot to the desktop, but if you want to copy the screenshot to the clipboard, there's a keyboard shortcut you can use instead.
How to capture a selected area

Read more
Forgot your Mac password? Here’s how to reset it
A person plays Stray using a PlayStation controller on a silver 13-inch MacBook Air.

We all forget a password once in a while. It’s really just a fact of life at this point, but things are a little different when you forget crucial login info for your go-to computer. And if you’ve ever forgotten your MacOS password, you’ll know just how frustrating it is to be locked out of your do-everything PC. But even if one of your Mac or MacBook’s system-stored hints isn’t enough to jog your memory, there’s a couple of ways you’ll be able to reset your MacOS password.

Read more
I was wrong about using Stage Manager on Mac
Stage manager in macOS Ventura.

Stage Manager is one of those software features that has had a rather bumpy road since Apple launched it in 2022. The unique multitasking feature has landed itself in a heap of criticism over its short lifespan.

I, however, was not one of these critics. I was super excited by Stage Manager and the promise it contained. It was something new and shiny, here to shake up macOS in a fresh and different way. Even after using it myself, I foresaw it fundamentally changing the way I used my Mac.

Read more