User helps protect against Safari flaw
updated 09:55 am EST, Wed February 22, 2006
Potential Safari 'fix'
An avid Mac user today released a small program called Safe Terminal (untested/not verified) that claims to protect against the recently discovered 'safe execution' vulnerability in Safari, one that can allow remote system access. The flaw, reported earlier this week and confirmed yesterday by Symantec, takes advantage of an automatically selected option to "open safe files" after downloading. According to the author, Safe Terminal fixes a security weakness in the Terminal utility, preventing the execution of scripts without the user's permission. The author of the fix also says it is possible for malicious users to create "plain files" that Terminal will execute without warning when they are double-clicked. Safe Terminal guards against both of these issues, but with it installed Terminal will not execute .command and .term files, nor will a new shell window open when Terminal.app is launched. Safe Terminal is available for free via download. Apple, which typically does not respond to revealed security threats, has yet to release its own patch for the flaw.
While Symantec Security Response rates the vulnerability as high severity, it says there is no known exploit currently targeting this vulnerability.
"The issue exists because of an error when processing file association metadata. This metadata is contained in the '.__
Symantec (and security firm Secunia) recommend that users turn off the “Open ‘safe’ files after downloading” feature in Safari's preferences to protect themselves.
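The recommendation above is a single checkbox, but on a fleet of Macs it is the kind of setting worth auditing rather than trusting. The following shell script is an added example, not the Safe Terminal program and not from the article or from Symantec or Secunia. It assumes (assumption) that Safari stores the checkbox under the preference key AutoOpenSafeDownloads in the com.apple.Safari domain, and that an absent key means Safari's shipped default applies, which the article describes as automatically selected (on); verify both on your own system before relying on it.

```shell
#!/bin/sh
# Added audit helper; not part of the article or of Safe Terminal.
# Assumption: the "Open 'safe' files after downloading" checkbox is stored as
# com.apple.Safari AutoOpenSafeDownloads (verify with `defaults read` on a Mac).

# classify_auto_open VALUE
# Maps a raw `defaults read` result to "enabled", "disabled" or "unknown".
# An empty value means the key was never written, so Safari's shipped default
# applies, which the article says is on; treat that as "enabled" (assumption).
classify_auto_open() {
  case "$1" in
    0|false|no|NO|FALSE)     printf 'disabled\n' ;;
    ''|1|true|yes|YES|TRUE)  printf 'enabled\n' ;;
    *)                       printf 'unknown\n' ;;
  esac
}

# read_auto_open: query the preference. Prints nothing when the key is absent
# or when this is not a macOS host with the `defaults` tool (so the script can
# still be exercised on a non-Mac machine).
read_auto_open() {
  command -v defaults >/dev/null 2>&1 || return 0
  defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true
}

# audit_safari: report the state; exit status 1 means the risky setting is on,
# so the function can drive a login-time or fleet check.
audit_safari() {
  state=$(classify_auto_open "$(read_auto_open)")
  printf 'Safari "Open safe files after downloading": %s\n' "$state"
  [ "$state" = disabled ]
}

# disable_auto_open: apply the Symantec/Secunia recommendation. Safari reads
# its preferences at launch, so quit and relaunch it afterwards.
disable_auto_open() {
  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}

# Usage: `sh safari_audit.sh --audit` to report, `sh safari_audit.sh --fix`
# to turn the setting off and then re-check it.
case "${1:-}" in
  --audit) audit_safari ;;
  --fix)   disable_auto_open && audit_safari ;;
esac
```

The classification is kept separate from the `defaults` call so the logic can be tested off-Mac with constructed values; note that the script only covers Safari's own checkbox, and, as the discussion below points out, a downloaded file can still be opened by hand, so this is a reduction of exposure rather than a complete fix.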
Security Flaw
02/22, 10:45am reply
Let me get this straight. The first rule of Internet security is to never download files from an unknown or untrusted source. So ... you are asking us to confirm this by downloading a file from an unknown source? That's as crazy as turning all our East Coast ports over to foreign terrorists ... Oh, sorry, we just did that, didn't we?
Timothy Flint
Fresh-Faced Recruit
Joined: Feb 2006
I second that motion.
02/22, 10:51am reply
Wouldn't it be easier/safer to just uncheck "Open Safe Files" until Apple releases a patch?
travisres
Fresh-Faced Recruit
Joined: Dec 1999
no...
02/22, 11:32am reply
Safari just helps these files open automatically, but unchecking that box doesn't make you "safe". Mail.app will execute the file if it's included as an attachment or you can just double click the file by accident.
ATPTourFan
Fresh-Faced Recruit
Joined: Apr 2003
re: Security Flaw
02/22, 11:53am reply
Over 50% of American ports are already operated by foreign owned entities. Which makes me wonder... why all the concern now when it's been this way for years? Why weren't people concerned all along?
Stephen.S.
Junior Member
Joined: Mar 2004
Unsanity
02/22, 11:54am reply
Just get Unsanity's (www.unsanity.com) fix. It's much better, and trusted too.
apple4ever
Fresh-Faced Recruit
Joined: Jan 2001
I'm fed up
02/22, 12:09pm reply
...with the liberal media.
No, wait, I'm fed up with our current administration. My bad.
Security warning == fear == red herring == votes.
FUD works in many arenas...not just computers.
Glasspusher
Fresh-Faced Recruit
Joined: Oct 2000
Re: no
02/22, 02:43pm reply
Safari just helps these files open automatically, but unchecking that box doesn't make you "safe". Mail.app will execute the file if it's included as an attachment or you can just double click the file by accident.
Mail.app will only execute them if you try to open them. Not just if it's included (maybe your 'or' should be an 'and').
And how is this better, as it says that the terminal now can't run any file. Gee. Thanks. What if you want to run files?
And, really, couldn't someone just delete terminal.app. I mean, who needs it, anyway? Just some unix heads. But those people who have "open safe files" turned on are probably the same set who'll never touch the terminal.
Plus, I can't believe people are talking about this. Don't you all know that Apple is immune from any type of attack. There are no known exploits out there, so it's just one of those theoretical things. Just FUD being spread by MS (who probably hired someone who works for Apple to put this dandy of a security slip in there in the first place!).
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Re: no
02/22, 05:08pm reply
Uhm... no. In order to get infected in Mail - if this was sent as an attachment.
First you'd have to double-click the attachment in mail - that would only decompress the attachment.
Then, you'd have to double-click the file that resulted from decompressing.
And testudo, no, just deleting the terminal is a silly idea. Many people use the terminal every day. It can also be very helpful when troubleshooting. People who have "Open Safe Files" are also people with new Macs who forgot to go in and turn off the default. It should be off by default and present a warning when turned on.
hayesk
Professional Poster
Joined: Sep 1999
Rename your terminal app
02/22, 09:23pm reply
I defeated the posted proof of concept (http://secunia.com/mac_os_x_command_execution_vulnerability_test/) by simply changing the name of the terminal.app. Mine is now called My Terminal and the proof of concept test fails. Terminal.app still works like normal. I suppose I could make it even more secure by using a random/longer string of characters is the name. Is there any reason why this isn't a valid means of protection?
midsouthmac
Fresh-Faced Recruit
Joined: Feb 2006
DON'T rename your termin
03/04, 08:51pm reply
midsouthmac -
Renaming ANY of the apps that are supplied in the /Applications folder is a bad idea.
1) once the file is renamed, the Software Update feature for that file is broken
2) there can be hidden dependencies between applications, and another application calling the renamed one won't find it and will probably break (very few programmers code so defensively that they assume that standard parts of the system could be missing.)
3) someone else using your system, (or even you, many months later,) might not think to find the app under a different name, and be prevented from using it when it's needed
JerusalemMacker
Fresh-Faced Recruit
Joined: Mar 2006