Critical Safari flaw found

George Ou at ZDNet has a roundup about the critical flaw found in Safari yesterday that potentially allows a malicious web page to execute a shell script on your Mac. Thanks to JDB for the heads-up on this one.

What does it do? To quote George:

Heise online is reporting that a new critical vulnerability for Mac OS X has been discovered and it appears to have ramifications beyond the Safari browser (thanks to SANS and SunbeltBLOG for the link). The problem is severe because a user simply needs to visit a malicious website and shell scripts will launch with zero user interaction!

Given that security holes in Mac OS X are nothing new, what really interests me is the reaction of Mac users in the comments. Most are, of course, concerned, sensible responses that either ask for details on how to fix it or ask how much of a problem it really is.

But there’s also the handful – and they ARE a handful – who either deny that it’s a “real” problem, point fingers at Windows users in a “you’re still worse, buddy!” way, or blame the messenger – whether the messenger is a security company, journalist or a user who’s published the details.

These modes of thinking leave me shaking my head. Why are people so reluctant to admit that an OS isn’t completely secure? Why are they reluctant to take additional security steps, like running in non-admin user mode, using additional security measures like Paranoid Android or – blasphemy! – using anti-virus software?