Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Prevent Terminal from opening without approval' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Prevent Terminal from opening without approval
Authored by: DC Watts on Mar 02, '06 09:15:43AM

Note that today Apple released a Security Update which addresses this issue (among others) and is available for both 10.4 and 10.3.9 . For Panther users, the update seems simply to disable Safari's "Open safe files after D/L" feature; but the Tiger fix is apparently more robust.

The update covers a number of other security issues; but as it relates to this thread, the pertinent description excerpt is:

"It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9)."



[ Reply to This | # ]