
#FF00AA


21 feb. 2006

@apple@

Safari will automatically execute some Unix shell scripts if the “Open ‘safe’ files after downloading” preference is checked. That’s the kind of mistake Microsoft would have made five years ago, and it goes to show that, even within Apple, there are people seriously overestimating the platform’s immunity to malware. That’s frightening.

And, actually, heise online’s downloadable example [via] goes much further: it’s a zip file with a .jpg inside, which Finder displays with the same icon it uses for jpegs on my system (Xee’s icon, not the regular Preview icon), yet if you double-click it a Terminal window will open and execute the script’s contents (in this case, a simple ls). I don’t know about you, and maybe I just missed a security advisory when I switched, but I thought that, if you’d configured OS X to always display file extensions, you could safely double-click any document file as long as it had the extension it should have. Was I actually spoiled by Windows?!
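The lesson of that demo is that the extension is not the file type. As an added example (my own code, not part of the original post and not heise’s demo), here is a small Python check that opens a zip archive and compares each entry’s extension with what its first bytes actually are: a .jpg that starts with a shebang instead of the JPEG magic is flagged, and so are the `__MACOSX/._name` sidecar entries that Mac-made archives use to carry Finder metadata (resource fork and “open with” information), since that metadata, not the extension, is what a double-click follows. The sample archive is constructed inline; the file names in it are made up.

```python
import io
import os
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"          # SOI marker that starts every JPEG file
APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"  # magic of the ._ sidecar (AppleDouble) files
IMAGE_EXTENSIONS = {".jpg", ".jpeg"}


def classify(head: bytes) -> str:
    """Guess the real content type from the first bytes of a file."""
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    if head.startswith(b"#!"):
        return "script"
    if head.startswith(APPLEDOUBLE_MAGIC):
        return "appledouble"
    return "unknown"


def suspicious_entries(zip_bytes: bytes) -> list:
    """Return (name, extension, detected kind) for every entry whose extension
    claims to be an image but whose content is not, plus any Finder-metadata
    sidecar entry, which is where an 'open with Terminal' override would live."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            with zf.open(info) as fh:
                kind = classify(fh.read(16))
            base = os.path.basename(name)
            if name.startswith("__MACOSX/") or base.startswith("._"):
                # Heuristic: Finder metadata travels in these sidecars, so any
                # archive that has them can override which app opens a file.
                findings.append((name, ext, "sidecar:" + kind))
            elif ext in IMAGE_EXTENSIONS and kind != "jpeg":
                findings.append((name, ext, kind))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one genuine JPEG header, one shell script named as a
    jpeg, and a sidecar entry of the kind a Mac-made archive would contain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 12)
        zf.writestr("heise.jpg", b"#!/bin/sh\nls\n")
        zf.writestr("__MACOSX/._heise.jpg", APPLEDOUBLE_MAGIC + b"\x00\x02\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for name, ext, kind in suspicious_entries(build_sample_zip()):
        print(f"{name}: extension {ext!r} but content looks like {kind}")
```

Run it against any downloaded archive by reading the file into `suspicious_entries`; a clean archive of real pictures returns an empty list, and the heise-style file shows up as a `.jpg` whose content is a `script`.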


@misc@

Mind-blowing quote:

When the University of California at Irvine campus was first built, they just put the buildings in. They did not put in any sidewalks; they just planted grass. The next year, they came back and built the sidewalks where the trails were in the grass. That’s what haxies are to the Mac software market. Haxies are those paths in the grass.
