A successful exploit could allow for remote code execution, according to the original posting of the vulnerability. Security firm Secunia gave the vulnerability its second-highest rating of 'highly critical'.
The vulnerability was disclosed by a security researcher known only as 'LMH' as part of the Month of Apple Bugs project which aims to disclose a new Mac OS vulnerability every day in January.
The exploit uses a default feature in Safari originally designed to streamline the download and launch of files.
By default, Safari allows for several types of files to be opened automatically, including disk image (.dmg) files which are often used to compress applications for download.
The vulnerability lies in the way Mac OS X processes disk images. A specially crafted .dmg file could cause an application crash that would leave the attacker free to execute malicious code.
The vulnerability can be mitigated by turning off the 'Open safe files after downloading' option in Safari's preference panel, according to Secunia.
'LMH' released code for a similar exploit in November which also used the 'Open safe files' feature in Safari to launch .dmg files that targeted another vulnerability in OS X.
- Bug eats into Apple security patch software
- Security threats fail to deter Mac faithful in 2006
- New exploit published for Mac OS X
- Jobs announces the mighty iPhone
- Cisco sues Apple over iPhone brand
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago