US-CERT Alert: Public Exploit Code for a Vulnerability in Apple Safari Browser

February 21, 2006 -- US-CERT is aware of publicly available exploit code for a vulnerability in the Apple Safari browser. Safari will automatically open "safe" file types, such as pictures, movies, and archive files, after downloading them. A system may be compromised if a user accesses an HTML document that references a specially crafted archive file. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary commands with the privileges of the user running Safari.

More information can be found in the following US-CERT Vulnerability Note:

* VU#999708 - Apple Safari may automatically execute arbitrary shell commands

Although there is limited information on how to fully defend against this exploit, US-CERT recommends the following mitigation:

* Disable the option "Open 'safe' files after downloading," as specified in the Securing Your Web Browser document.
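
As an added example that is not part of the US-CERT alert, the following POSIX shell script audits (and with `--fix`, enforces) the mitigation above for the current user; it assumes the setting is stored in the `com.apple.Safari` preference domain under the key `AutoOpenSafeDownloads` and is read and written with the macOS `defaults` tool.

```shell
#!/bin/sh
# Added example, not from the US-CERT alert: audit and optionally disable
# Safari's "Open 'safe' files after downloading" setting for the current user.
# Assumption: the setting lives in com.apple.Safari under AutoOpenSafeDownloads.
PREF_DOMAIN="com.apple.Safari"
PREF_KEY="AutoOpenSafeDownloads"

# Decide from a raw `defaults read` value whether auto-open is still enabled.
# Safari ships with the option enabled, so a missing key (empty value) counts
# as enabled. Prints "enabled" or "disabled"; returns 0 only when mitigated.
classify_auto_open() {
    value=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    case "$value" in
        0|false|no) echo "disabled"; return 0 ;;
        *)          echo "enabled";  return 1 ;;
    esac
}

# Read the live preference; `defaults` fails on an unset key, which maps to "".
read_auto_open() {
    defaults read "$PREF_DOMAIN" "$PREF_KEY" 2>/dev/null || printf ''
}

# Apply the mitigation recommended in the alert.
disable_auto_open() {
    defaults write "$PREF_DOMAIN" "$PREF_KEY" -bool false
}

# Run the audit only where the macOS tooling exists; the functions above stay
# usable (and testable) on any POSIX system.
if command -v defaults >/dev/null 2>&1; then
    state=$(classify_auto_open "$(read_auto_open)") || true
    echo "Safari $PREF_KEY: $state"
    if [ "$state" = "enabled" ] && [ "${1:-}" = "--fix" ]; then
        disable_auto_open && echo "Disabled $PREF_KEY; restart Safari to apply."
    fi
fi
```

Run it without arguments to report the current state, or with `--fix` to turn the option off; Safari must be restarted for the change to take effect.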

We will continue to update current activity as more information becomes available.

Source: US-CERT
