“FrSIRT (the French Security Incident Response Team) reports on a newly demonstrated flaw affecting versions of Safari in Mac OS X 10.4.8 and prior where maliciously crafted disk images — which are used to distribute most Mac OS X software packages — can allow an attacker to crash or gain control of the target system,” MacFixIt reports.
The reported workaround for this issue is to turn off the “Open safe files after downloading” option in Safari as follows:
1. Open Safari
2. Open “Preferences” under the “Safari” menu
3. Click on the “General” tab at the top
4. Un-check the “Open ‘safe’ files after downloading” box
5. Close Safari’s preferences
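The same change can be audited and applied from Terminal, which helps when the workaround has to be rolled out to several Macs. This is an added example, not from MacFixIt or MacDailyNews; it assumes the checkbox is stored as the boolean key `AutoOpenSafeDownloads` in the `com.apple.Safari` preferences domain and that an unset key means Safari still auto-opens. The function names are hypothetical.

```shell
#!/bin/sh
# Audit and disable Safari's "Open 'safe' files after downloading" option.
# Assumption: the checkbox maps to the boolean key AutoOpenSafeDownloads
# in the com.apple.Safari preferences domain.

DOMAIN="com.apple.Safari"
KEY="AutoOpenSafeDownloads"

# Map the raw output of `defaults read` to a state.
# Assumption: an absent key means Safari uses its default, which is to auto-open.
auto_open_state() {
    case "$1" in
        0|false|NO|no)   echo "disabled" ;;
        1|true|YES|yes)  echo "enabled" ;;
        "")              echo "enabled-by-default" ;;
        *)               echo "unknown" ;;
    esac
}

# Read the current value; prints nothing if the key is unset.
read_auto_open() {
    defaults read "$DOMAIN" "$KEY" 2>/dev/null
}

# Disable auto-open unless it is already off, then verify the write took effect.
harden_safari() {
    state=$(auto_open_state "$(read_auto_open)")
    if [ "$state" = "disabled" ]; then
        echo "already disabled"
        return 0
    fi
    defaults write "$DOMAIN" "$KEY" -bool false || return 1
    [ "$(auto_open_state "$(read_auto_open)")" = "disabled" ] || return 1
    echo "was $state, now disabled"
}

# Only touch preferences when invoked with "apply" on a system that has `defaults`.
if [ "${1:-}" = "apply" ] && command -v defaults >/dev/null 2>&1; then
    harden_safari
fi
```

Quit Safari before running the script with `apply`, since a running Safari can overwrite the change when it saves its preferences.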
MacFixIt reports, “Note that your system will still experience a kernel panic if you double-click the downloaded malicious disk image in order to mount it.”
Full article with links here.
MacDailyNews Note: As usual, do not download links from untrusted sources.
MacDailyNews Note: 8:30pm EST: We have banned the posting of links to .dmg files in the “Reader Feedback” section.
Related MacDailyNews articles:
Mac OS X flaw crashes Safari, Finder – March 29, 2006
Safari web browser auto executes shell scripts; disable ‘Open ‘safe’ files after downloading’ option – February 21, 2006