In what is being described as a “highly critical” vulnerability, security firm Secunia on Monday issued an advisory to all Mac OS X users that surf the Web with Microsoft’s Internet Explorer or Apple’s Safari Web browsers.
The vulnerability, which was first reported by lixlpixel and confirmed by Secunia, takes advantage of the “help” URI handler and “allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using ‘help:runscript.'”
The result of the vulnerability, which has been confirmed using Safari 1.2.1 (v125.1) and Internet Explorer 5.2, is that it is “possible to place arbitrary files in a known location, including script files, on a user’s system if the Safari browser has been configured to (“Open “safe” files after download”) (default behavior) by asking a user to download a “.dmg” (disk image) file.”
Secunia recommends opening Safari preferences and uncheck “Open ‘safe’ files after download.”
Representatives were not immediately available to comment.
Preview Mac OS X “Tiger” at WWDC