Mac users need to take immediate notice: A newly disclosed hole in Mac OS X allows attackers to run scripts simply by loading a web page – regardless of your browser (Safari, IE, Firefox, etc). According to Jay Allen someone can delete every file you have permissions to delete. Jay is following it pretty closely, so Mac users check his site and read the comments for updates.
The easiest fix posted so far is for Mac users to:
- Uncheck ("Open "safe" files after download") in "Safari -> Preferences -> General" or disable automatic launch of downloads in your browser of choice.
- Do not surf the Internet as a privileged user.
- Download MoreInternet from MonekyFood and change your help: protocol.
If Jay says you have to do it now, you have to do it now, people. Do it.