"Highly critical" Safari, IE 5.2 vulnerability

Wouldn't you know IE would be one of the vulnerable ones...

bedlam

12:45 am on May 18, 2004 (gmt 0)

It is reportedly possible to place arbitrary files in a known location, including script files, on a user's system if the Safari browser has been configured to "Open "safe" files after download" (the default behaviour), by asking a user to download a ".dmg" (disk image) file.

This has been confirmed on Macintosh OS X using Safari 1.2.1 (v125.1) and Internet Explorer 5.2.

The MacCentral article:
[maccentral.macworld.com...]

The Secunia advisory:
[secunia.com...]

Eek.

-B

timster

2:03 pm on May 18, 2004 (gmt 0)

I've dismissed previous alarms about Mac OS X malware, but this one is serious.

Looks like I'll be surfing with Netscape 7 (shudder) until they get this ironed out.

your_store

12:35 am on May 19, 2004 (gmt 0)

Oh, it's not worth switching to Netscape... why don't you just switch back to a PC ;)

Can you not just turn off "open safe files after download" to protect yourself?

andy_boyd

3:50 pm on May 19, 2004 (gmt 0)

Yep, if you turn off "open safe files after download" you should be fine.

This security flaw works on all Mac OS X browsers. Apparently Apple are "actively investigating this potential security issue." Hopefully they'll issue a Security Update soon.

timster

2:40 am on May 20, 2004 (gmt 0)

Perk up a little, friends. No, turning off "open safe files" is not enough. Don't you guys read MacInTouch?

This site may convince you (it doesn't hurt):
[bronosky.com...]

By the way, my mistake: switching to Netscape 7 doesn't help either.

There is help, though:
[isophonic.net...]

your_store

3:46 pm on May 20, 2004 (gmt 0)

Thanks for the eye opener and the link to the "patch" Tedster. I never want to see my terminal do that again.

upside

6:20 pm on May 20, 2004 (gmt 0)

Another approach is to disable/redirect help, ssh, and telnet links so that they are no longer handled by their respective default applications. See the More Internet preference pane:

[versiontracker.com...]

bedlam

5:40 am on May 22, 2004 (gmt 0)

...and Apple issues a patch:

[maccentral.macworld.com...]

Apple Computer Inc. issued an update on Friday to fix a reported security hole in its Safari Web Browser. The venerability, which was classified as "Extremely Critical" by security firm Secunia, allowed the execution of malicious code on the users computer.

-B

What's a "venerability" anyway?

bedlam

4:32 am on May 25, 2004 (gmt 0)

...and the patch is not good enough...

[maccentral.macworld.com...]
[secunia.com...]

This vulnerability has been confirmed on a fully patched Mac OS X system (including the patch "Security Update 2004-05-24 for Mac OS X" released by Apple, which fixes the "help" URI handler vulnerability).

Anyone remember a kids book called "Oh what good news..."?

BjarneDM

11:25 am on May 30, 2004 (gmt 0)

Here are the complete details with workarounds:
[unsanity.com...]
[daringfireball.net...]
[daringfireball.net...]
[wiredblogs.tripod.com...]