Mac OS X Safari Browser Exploit Discovered

A potentially severe security flaw has been uncovered in Apple‘s Safari Web browser, which may enable attackers to execute arbitrary Unix shell scripts on a user’s machine simply by following a link on a Web site.

The exploit involves the way Mac OS X determines which program it should launch when opening files of a particular type. By renaming a Unix shell script to an extension Safari considers “safe,” omitting the script’s so-called “shebang line” (a command which specifies how the script should be executed), and compressing the script with the Zip archiving utility, Safari can be convinced to download the script, decompress it, assume the script is “safe,” then pass it off to the Mac OS X Terminal application for execution. An attacker could easily use such a script to delete a user’s home directory, damage the computer’s configuration, or obtain personal data.

Apple has yet to comment or release a patch. In the meantime, Safari users should disable the “Open ‘safe’ files after downloading” option in General pane of Safari’s preferences. This option is disabled by default in new installations of Mac OS X 10.4.5, but may be enabled by default in older systems or systems which have been upgraded to Mac OS X 10.4.5.

So far, Safari is the only application known to be affected, although it is possible other programs could be vulnerable to similar attacks. The Camino and Firefox Web browsers are not vulnerable to this particular exploit.

Danish security firm Secunia has listed the flaw as “extremely critical,” and has posted a harmless sample exploit of the flaw so users can test if their systems are vulnerable. Heise Online has another demonstration of the exploit.

Users may also be able to protect themselves from the exploit by removing the Terminal application from its default location in Applications > Utilities. (However, doing so may confuse future system updaters, so users would probably have to remember to put it back before installing new software.)

Computing

415,000 routers worldwide reportedly infected with cryptojacking malware

Even though there is a fix ready to prevent the threat of a cryptojacking malware discovered in Brazil earlier this year, the rapid growth of infection caused by the malware shows that not many users have installed the patch.
Computing

Best free parental control software for PC, Mac, iOS, and Android

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and Mac OS X, so you can monitor your child and block unsavory sites.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Mobile

Apple’s first iPhone XR case lets you show off your handset’s color

Apple has released its first case for the iPhone XR. Costing $39, the case has a clear back so you can show off the color of your phone, whichever of the six options you went for.
Deals

Score a refurbished iPad Air for just $120 with this exclusive promo code

Apple deals are fleeting, but for techies who want to score this great hardware on the cheap, buying refurbished is the way to go. If you're in the market for a tablet, then you're in luck: This refurbished iPad Air is now on sale for just…
Wearables

The Apple Watch Series 4's heart-monitoring ECG feature is now available

Apple officially unveiled the Apple Watch Series 4. From a larger display to a built-in electrical heart sensor, the latest device brings along some notable new features. Here's everything you need to know.
Mobile

Microsoft Outlook for iOS gets big redesign, with Dark Mode coming soon

Microsoft has deployed a huge redesign for its Outlook for iOS app, which includes new blue branding and some quality-of-life improvements. Dark Mode isn't included, but it's coming soon.
Mobile

Galaxy Watch vs. Apple Watch Series 4: Which one is the smartest?

The Samsung Galaxy Watch and the Apple Watch Series 4 are two of the best smartwatches available today. But which is better? We put the two watches head-to-head to find out which you should buy.
Mobile

The best weather apps for the iPhone

Don't rely solely on your local meteorologist to stay up to date on the weather. Take matters into your own hands with one of these weather apps, each of which brings something unique to the table.
Computing

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.
Deals

The best iPad deals for December 2018

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for December 2018.
Deals

The best Apple Watch deals for December 2018

The Apple Watch has surged to prominence in recent years. If you're in the market for an iOS wearable, we've sniffed out the best Apple Watch deals available right now for all three models of this great smartwatch.
Deals

The best iPhone deals for December 2018

Apple devices can get expensive, but if you just can't live without iOS, don't despair: We've curated an up-to-date list of all of the absolute best iPhone deals available for December 2018.
Mobile

5G’s arrival is transforming tech. Here’s everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.