Safari Vulnerability

We had a relaxing week in Santa Fe but returned to find bad news on the Mac front.

For anyone using the Safari browser, a critical security flaw has been discovered. Safari will automatically open files that it determines to be "safe", such as pdf files. But a malicious file can be disguised as a compressed safe file.

Here's how to fix the problem:

Open Safari.
Go to the Safari menu and select Preferences.
Click the General button.
Uncheck the box labeled, Open "safe" files after downloading.
Close the window.

I've done this on the Info Desk computers. What this means is that you will have to manually open files that you download. For example, Acrobat Reader will not automatically open downloaded tax forms. Instead, the form will be downloaded to the desktop and you can open it from there.

Secunia has more info and a browser test here.