A successful exploit could allow for remote code execution, according to the original posting of the vulnerability. Security firm Secunia gave the vulnerability its second-highest rating of 'highly critical'.
The vulnerability was disclosed by a security researcher known only as 'LMH' as part of the Month of Apple Bugs project which aims to disclose a new Mac OS vulnerability every day in January.
The exploit uses a default feature in Safari originally designed to streamline the download and launch of files.
By default, Safari allows for several types of files to be opened automatically, including disk image (.dmg) files which are often used to compress applications for download.
The vulnerability lies in the way Mac OS X processes disk images. A specially crafted .dmg file could cause an application crash that would leave the attacker free to execute malicious code.
The vulnerability can be mitigated by turning off the 'Open safe files after downloading' option in Safari's preference panel, according to Secunia.
'LMH' released code for a similar exploit in November which also used the 'Open safe files' feature in Safari to launch .dmg files that targeted another vulnerability in OS X.
- Bug eats into Apple security patch software
- Security threats fail to deter Mac faithful in 2006
- New exploit published for Mac OS X
- Jobs announces the mighty iPhone
- Cisco sues Apple over iPhone brand
Acton's warnings come as Facebook is embroiled in one of the biggest data scandals in history
The unmanned tanks could eventually be kitted with AI systems
Dubbed I-MacEtch, it will help meet demand for more powerful nano-tech
GPU firm's research unit for self-driving cars is growing