CVE-2006-0848

CVE-2006-0848 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

Learn more about our Cis Benchmark Audit For Apple Macos.