Workaround for flaws in Safari and Mail applications

Safari

Open Safari and select Preferences. You will find the following window in “General” section. Uncheck the “Open “Safe” files after downloading” option as demonstrated in the accompanying screenshot.

Mail

The problem is Automatic execution of attachments, which may contain executable shell scripts. It is good practice to download mail attachments to the hard drive rather than double click to open. If the file has executable file permission “x-unix-mode=0755” this may cause a threat. If you have detailed view selected in Finder you could see the content of the attachment and see the permission. If it contains a file with "0755" permission it should be avoided opening even it looks like a harmless "*.jpg" file.

By the way, open source mail application, Thunderbird has no such threat if you ever want to consider an alternative to Mail.

More information about the above flaws can be found here.

Original Heise Article can be found here.

DON'T BE TOO ALARMED BY THE MEDIA HYPE. JUST BE VIGILANT!