A vulnerability has been recently discovered in Mac OS X and Safari, which can be exploited to severely compromise a user’s system. This vulnerability has been rated as extremely critical. Details can be found in the following US-CERT Vulnerability Note.

VU#999708 – Apple Safari may automatically execute arbitrary shell commands

Since Apple Computer so far hasn’t provided any security patches for this vulnerability, you are advised to perform the following measures until patches are available.

Disable the Safari option “Open ’safe’ files after downloading.” as specified in the Securing Your Web Browser.

Move “Terminal” Application from default location, /Applications/Utilities/Terminal, to other directory, say /Application_restricted/Utilities/Terminal.

相關文章 Related posts:

1. Apple, 有些時候你很差!
2. 千呼萬喚始出來: iPhone
3. Apple – Boot Camp: Mac上跑WinXP
4. 大件事
5. Comic Life: Story Board好幫手