In what is being described as a "highly critical" vulnerability, security firm Secunia on Monday issued an advisory to all Mac OS X users that surf the Web with Microsoft's Internet Explorer or Apple's Safari Web browsers...
The result of the vulnerability, which has been confirmed using Safari 1.2.1 (v125.1) and Internet Explorer 5.2, is that it is "possible to place arbitrary files in a known location, including script files, on a user's system if the Safari browser has been configured to ("Open "safe" files after download") (default behavior) by asking a user to download a ".dmg" (disk image) file."
Um, yeah. This "flaw" has been known for a while now, folks. Apple should have fixed this in February. Why didn't they? Good question.
New information is found here. Many other related links are found in that article.
Basically, you should get More Internet, something I have installed already. More Internet is a fix for the flaw, but Apple needs to patch the Terminal vulnerability. This is not, by the way, the first time a security hole has been found to gain access to the Terminal with more privileges than you should have. This one just has not been fixed yet.
There is an AppleScript inside the Help Viewer package that is the root of this vulnerability. This is the first OS X vulnerability I am worried about. But there is a temporary fix, and I hope Apple makes an "official" patch soon.
"rm -rf" cannot be used because the string command will not accept spaces. At least, no way around that has been figured out yet.
Two examples of what can be done with this vulnerability:
The first uses a meta refresh to cause you to download and mount a .dmg file. The second uses this technique to launch an executable in the mounted volume. This could be used by AOL and other vermin to automatically install a "Free Trial of..." from a pop-up. That is nasty.
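The first technique leaves a visible trace in the page source, so a proxy or crawler can flag it. The following is an added example, not code from the original post: it reports meta refresh tags whose target is a .dmg file. The function name, sample HTML and hostnames are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Only ".dmg" comes from the advisory; extend the tuple for other image types.
DISK_IMAGE_EXTS = (".dmg",)
# content="<seconds>; url=<target>": ';' or ',' separator, "url=" optional.
REFRESH_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)?)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)

class RefreshFinder(HTMLParser):
    """Collects (delay_seconds, absolute_url) for refreshes that fetch a disk image."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH_RE.match(a.get("content", ""))
        if not m or not m.group(2):
            return  # plain reload of the same page, no redirect target
        target = m.group(2).strip().strip("'\"")
        absolute = urljoin(self.base_url, target)
        # Compare the path only, so a query string cannot hide the extension.
        if urlparse(absolute).path.lower().endswith(DISK_IMAGE_EXTS):
            self.findings.append((float(m.group(1)), absolute))

def find_dmg_refreshes(html, base_url):
    finder = RefreshFinder(base_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page and base URL (placeholder hostnames, not from the post).
BASE = "http://site.example.test/promo/page.html"
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; URL=http://downloads.example.test/Trial.DMG">
<META HTTP-EQUIV='Refresh' CONTENT="3;url='img/tool.dmg?id=7'">
<meta http-equiv="refresh" content="5; url=/index.html">
<meta http-equiv="refresh" content="30">
</head><body>hello</body></html>"""
if __name__ == "__main__":
    print(find_dmg_refreshes(SAMPLE, BASE))
```

Relative targets are resolved against the page's own URL before the extension check, so the reported URL is the one the browser would actually fetch.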
Originally posted at Breaking Windows.