The vulnerability lies in the "Open 'safe' files after downloading" option in Apple's Safari Web browser. This option is turned on by default, and with it enabled the browser will automatically display images and movies, or open ZIP archives to display the documents inside, if they are deemed "safe."
“This is yet another example of the continuing spread of malicious code onto other platforms,” said Patrick Evans, regional director, Symantec Africa. “While there is no known exploit at this time, users are encouraged to turn off the ‘Open safe files after downloading option’ in their Safari browsers and watch for further information from Apple.”
The disclosure of this vulnerability follows two low-level worms from last week that targeted the Macintosh OS X (version 10.4) operating system -- OSX.Leap.A and OSX.Inqtana.A.
The issue exists because of an error when processing file association metadata. This metadata is contained in the '.__
Symantec advises Apple Safari users to turn off the “Open ‘safe’ files after downloading” feature in the Web browser software. Users are also encouraged to review Apple’s guide to safely handling files received from the Internet at: http://docs.info.apple.com/article.html?artnum=108009.
Symantec’s security experts will closely monitor further information related to this vulnerability and will provide updates and security content as necessary.