CVE-2006-0848
CVE-2006-0848 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:P
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
Learn more about our Cis Benchmark Audit For Apple Macos.