FYI: A vulnerability in the Apple Safari web browser - Tilted Forum Project Discussion Community

zz0011 · 02-22-2006, 05:57 PM

I'm not a Mac / Apple user, but I thought some of you might like to have this information passed on to you.

Quote:

National Cyber Alert System: Cyber Security Alert SA06-053A

Apple Mac OS X Safari Command Execution Vulnerability

Original release date: February 22, 2006
Last revised: -- Source: US-CERT

Systems Affected * Apple Safari running on Mac OS X

Overview -- A vulnerability in the Apple Safari web browser could allow an attacker to place and run malicious code on your computer.

Solution -- Turn off "Open safe files after downloading" feature

To turn off "Open safe files after downloading" feature in Safari, first choose "Preferences" from the Safari menu. Next, uncheck the option "Open 'safe' files after downloading."

More information about this solution is available in the document "Securing Your Web Browser."

Description -- Apple Safari is a web browser that comes with Apple Mac OS X. Safari contains a vulnerability that could allow an attacker to run malicious programs on your computer.

For more technical information, see US-CERT Technical Alert TA06-053A.

References * US-CERT Vulnerability Note VU#999708 -
http://www.kb.cert.org/vuls/id/999708

* Securing Your Web Browser -
http://www.us-cert.gov/reading_room/...wser/#sgeneral

* US-CERT Technical Cyber Security Alert TA06-053A -
http://www.us-cert.gov/cas/techalerts/TA06-053A.html

The most recent version of this document can be found at:
http://www.us-cert.gov/cas/alerts/SA06-053A.html

Feedback can be directed to US-CERT. Please send email to cert@cert.org with "SA06-053A Feedback VU#999708" in the subject.

Mailing list information:
http://www.us-cert.gov/cas/

Produced 2006 by US-CERT, a government organization.
Terms of use: http://www.us-cert.gov/legal.html

Revision History -- February 22, 2006: Initial release