Via Digg and Slashdot: If you use a Mac, and like to browse with Safari, I’d recommend you not use Safari until Apple fixes this bug. There is a hole in Safari that will allow anyone to run an arbitrary shell script (if you don’t know what that means, it means bad).


Here is a good demonstration of how it works, but basically if you leave off the #!/bin/sh from a shell script and give it a valid media file extension (like jpg or mov), Safari will download and just run the script. Pretty nasty.

They have a workaround listed, which involves disabling the “open ‘safe’ files after download” option in Safari. To do this, open Safari, choose Safari > Preferences…, then uncheck the option. Till they get it fixed, however, I am personally just going to browse all the time with Firefox or Camino.
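
A defensive check for the trick described above, as an added example that is not part of the original post: it flags files in a download folder whose jpg or mov extension does not match their leading bytes. The signature lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading-byte signatures for the media types named in the post (jpg, mov).
# QuickTime files carry an atom type at offset 4; only common atoms are listed.
JPEG_MAGIC = b"\xff\xd8\xff"
MOV_ATOMS = (b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot")

def looks_like_declared_media(name, head):
    """Return True if the first bytes match the format implied by the extension."""
    ext = os.path.splitext(name)[1].lower()
    if ext in (".jpg", ".jpeg"):
        return head.startswith(JPEG_MAGIC)
    if ext == ".mov":
        return head[4:8] in MOV_ATOMS
    return True  # extension not covered by this check

def find_mismatched(directory):
    """List files whose media extension does not match their content."""
    flagged = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            head = fh.read(16)
        if not looks_like_declared_media(name, head):
            flagged.append(name)
    return flagged

def build_sample_dir():
    """Constructed sample data: two genuine media headers and one text file named .mov."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "photo.jpg"), "wb") as fh:
        fh.write(JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00")
    with open(os.path.join(d, "clip.mov"), "wb") as fh:
        fh.write(b"\x00\x00\x00\x14ftypqt  ")
    with open(os.path.join(d, "holiday.mov"), "wb") as fh:
        fh.write(b"echo hello\n")  # plain text, no shebang, media extension
    return d

if __name__ == "__main__":
    print(find_mismatched(build_sample_dir()))
```

Point `find_mismatched` at a real downloads folder to review what arrived there while the auto-open option was still enabled.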
