A successful exploit could allow for remote code execution, according to the original posting of the vulnerability. Security firm Secunia gave the vulnerability its second-highest rating of 'highly critical'.
The vulnerability was disclosed by a security researcher known only as 'LMH' as part of the Month of Apple Bugs project which aims to disclose a new Mac OS vulnerability every day in January.
The exploit uses a default feature in Safari originally designed to streamline the download and launch of files.
By default, Safari allows for several types of files to be opened automatically, including disk image (.dmg) files which are often used to compress applications for download.
The vulnerability lies in the way Mac OS X processes disk images. A specially crafted .dmg file could cause an application crash that would leave the attacker free to execute malicious code.
The vulnerability can be mitigated by turning off the 'Open safe files after downloading' option in Safari's preference panel, according to Secunia.
'LMH' released code for a similar exploit in November which also used the 'Open safe files' feature in Safari to launch .dmg files that targeted another vulnerability in OS X.
- Bug eats into Apple security patch software
- Security threats fail to deter Mac faithful in 2006
- New exploit published for Mac OS X
- Jobs announces the mighty iPhone
- Cisco sues Apple over iPhone brand
Could be used for everything from search-and-rescue robots to wearable tech
Don't require the rare material being mined from the mountains of South America
IBM hopes that its new tool will avoid bias in artificial intelligence
Found by calculating the strength of the material deep inside the crust of neutron stars