The flaw affects the way OS X handles meta data for Zip archives. The application considers the files to be safe and will automatically open them, allowing attackers to embed script code that the OS will execute without the user's knowledge.
Attackers could exploit the vulnerability to install software such as spyware or rootkits.
A system could become infected when users visit specially crafted websites or when saving any infected Zip archive. The attack requires no user interaction and uses the Terminal application, which is the OS X command shell.
Users of older versions of the operating system will first receive a warning asking whether they wish to execute the applications, but Apple removed this feature in the current 10.4 version of the operating system.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago