by cbf 5505 days ago
It doesn't help that there's a setting in Safari to automatically run "safe" downloads.

This feature has always struck me as a cordial invitation from Apple to trick their users via some means or other.

1 comments

It used to be worse. Early versions of Safari would automatically execute a shell script as part of a "safe" download. They 'fixed' it by changing the disk image spec rather than the Safari feature. This type of exploit probably reflects how much thought was put into the feature.

The "safe download" social engineering attack was outlined years ago, so it's somewhat surprising it took this long to be widely exploited.

>They 'fixed' it by changing the disk image spec rather than the Safari feature.

Which was the right thing to do, by the way. I don't want disk images running shell scripts when they are mounted manually OR automatically.