This is a single archived entry from Stefan Tilkov’s blog. For more up-to-date content, check out my author page at INNOQ, which has more information about me and also contains a list of published talks, podcasts, and articles. Or you can check out the full archive.

The Safari Shell Script Execution Exploit

Stefan Tilkov,

John Gruber a.k.a. The Daring Fireball has the most thorough coverage (as usual) of this Mac OS X exploit. His conclusion:

It boils down to this: you can’t safely double-click files from untrusted sources, and you never could.