Critical Mac OS X zero-day exploit

ZDNet's George Ou has posted some details about a scary new Mac OS X exploit that takes advantage of Safari. Unlike the relatively benign OSX.Leap.A worm which emerged last week this exploit is a major security hole because it requires no user interaction.

Heise online is reporting that a new critical vulnerability for Mac OS X has been discovered and it appears to have ramifications beyond the Safari brows. The problem is severe because a user simply needs to visit a malicious website and shell scripts with launch with zero user interaction!

Here is an excerpt from Heise online:
You can determine whether your system is vulnerable by using this online demonstration provided by Heise Security. The demo attempts to open a Terminal window to display the contents of a folder. If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user. At this point, no web pages are known to misuse this vulnerability. However, this could change quickly.

Click through to George Ou's blog posting today for a temporary workaround to protect yourself if you use Safari on Mac OS X.