Hacker News
by flomo 5505 days ago
It used to be worse. Early versions of Safari would automatically execute a shell script as part of a "safe" download. They 'fixed' it by changing the disk image spec rather than the Safari feature. This type of exploit probably reflects how much thought was put into the feature.

The "safe download" social engineering attack was outlined years ago, so it's somewhat surprising it took this long to be widely exploited.

1 comments

>They 'fixed' it by changing the disk image spec rather than the Safari feature.

Which was the right thing to do, by the way. I don't want disk images running shell scripts when they are mounted manually OR automatically.