Mac OS X Struck By Severe Security Hole

An anonymous reader writes "Macworld is reporting about a new security hole in Mac OS X that can be exploited to compromise a system if the user simply visits a web site with Safari. Currently, no vendor patch is available. Secunia has a demonstration of the vulnerability and suggestions for temporary workarounds."

Re:Protect yourself in one click

[hackstraw]

This is quite a nasty little exploit so I suggest making the change ASAP.

I did this years ago.

Can someone remind me what is the point of a browser allowing "driveby downloads" and automatically launching the content of the download?

Safari has a nice download manager that lists the most recent downloads, and by simply double clicking on the one you trust and want to view is up to you.

This is at least over a 1 year old issue: http://www.net-security.org/vuln.php?id=3461

Is it too much to ask for normal users to double click on a file to launch it? This is what we used to do, and still do with email, ftp, removable media, networked drives, everything. What is the point of a driveby download and launch?

Why isn't Secunia Being Flamed Here

[Compulawyer]

Why isn't Secunia being flamed here for releasing details of an exploit before Apple has had a chance to patch it? Are there not enough details for someone to create their own version? I may be wrong, but I did not notice one mention of any fact that indicates that Apple was notified of the problem and/or given an opportunity to fix the problem. I am used to seeing such information releases eing labeled as "irresponsible" but I have not seen any discussion of this aspect of the story yet.