Replying to OS X Struck By Severe Security Hole (Feb 21)
"A new security vulnerability in Safari has been identified by security experts at Secunia.
The company - which rates the flaw as “extremely critical” - says that the vulnerability was discovered by a source outside the company, Michael Lehn.
It can be exploited by malicious people to compromise a user's system, it warns.
The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives.
“This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive,” Secunia warns.
It can also be exploited automatically by Safari when visiting a malicious website.
The company has released a test users can run to check if their systems have been affected.
The vulnerability has been confirmed on an up-to-date system running Safari 2.0.3 (417.8) and Mac OS X 10.4.5."
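A triage check for the archive pattern the quoted advisory describes, as an added example that is not part of the original post and is not Secunia's test: it flags ZIP members whose extension looks harmless but whose content starts with a script shebang, and notes whether a "__MACOSX" metadata entry accompanies them. The extension list, the `._name` sidecar naming and the shebang heuristic are assumptions of this example.

```python
import io
import posixpath
import zipfile

# Assumption: extensions a user would consider harmless; adjust to taste.
SAFE_LOOKING = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}


def build_sample(entries):
    """Build an in-memory ZIP from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def sidecar_name(member):
    """Path of the "__MACOSX" metadata entry conventionally paired with a member."""
    head, _, base = member.rpartition("/")
    return "__MACOSX/" + (head + "/" if head else "") + "._" + base


def scan_zip(data):
    """Flag members with a harmless-looking extension whose content starts with
    a script shebang, and record whether "__MACOSX" metadata accompanies them."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.startswith("__MACOSX/"):
                continue
            if posixpath.splitext(name)[1].lower() not in SAFE_LOOKING:
                continue
            with zf.open(info) as fh:
                if fh.read(2) == b"#!":
                    findings.append({"member": name,
                                     "has_macosx_metadata": sidecar_name(name) in names})
    return findings


# Constructed samples: the script body and metadata bytes are inert placeholders.
SUSPICIOUS = build_sample({"holiday.jpg": b"#!/bin/sh\necho constructed\n",
                           "__MACOSX/._holiday.jpg": b"placeholder"})
BENIGN = build_sample({"photos/cat.jpg": b"\xff\xd8\xff\xe0JFIF",
                       "__MACOSX/photos/._cat.jpg": b"placeholder",
                       "run.sh": b"#!/bin/sh\n"})

if __name__ == "__main__":
    print(scan_zip(SUSPICIOUS), scan_zip(BENIGN))
```

A hit is a reason to inspect the archive before opening it on a Mac, not proof of malice; an honestly named `.sh` file is deliberately not flagged.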