Your recommendation doesn't handle the sample exploit in Mail.app, unfortunately. Grab this (benign exploit, warning!). Unzip it and then mail the resulting file to yourself. Click the jpg you receive and you're nailed.
I've updated Paranoid Android to be aware of this class of exploit. You can download it here or grab the source code and compile it yourself.
Note that Paranoid Android is an APE module. I like 'em, but it's something to be aware of.
Basic directions: Run the installer, log out, log back in, launch System Preferences and choose the Application Enhancer prefpane. Choose Paranoid Android. Turn on "Watch non-default application launches". Unless you're really paranoid, turn off "Watch URI schemes", since that class of exploit was fixed awhile ago.
Once you've done this, both the Safari exploit and the Mail.app exploit will trigger a dialog window telling you what's going on and giving you a chance to use the default application (Quicktime Player) instead of the custom one (Terminal).
Once Apple puts out a fix for this, I recommend ditching Paranoid Android - it's a pretty heavy solution.
Slashdot Mirror
Your recommendation doesn't handle the sample exploit in Mail.app, unfortunately. Grab this (benign exploit, warning!). Unzip it and then mail the resulting file to yourself. Click the jpg you receive and you're nailed.
I've updated Paranoid Android to be aware of this class of exploit. You can download it here or grab the source code and compile it yourself.
Note that Paranoid Android is an APE module. I like 'em, but it's something to be aware of.
Basic directions: Run the installer, log out, log back in, launch System Preferences and choose the Application Enhancer prefpane. Choose Paranoid Android. Turn on "Watch non-default application launches". Unless you're really paranoid, turn off "Watch URI schemes", since that class of exploit was fixed awhile ago.
Once you've done this, both the Safari exploit and the Mail.app exploit will trigger a dialog window telling you what's going on and giving you a chance to use the default application (Quicktime Player) instead of the custom one (Terminal).
Once Apple puts out a fix for this, I recommend ditching Paranoid Android - it's a pretty heavy solution.
More info on PA can be found here.