DESCRIPTION: Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive.
This can also be exploited automatically via the Safari browser when visiting a malicious web site.
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
I use Mozilla, and had problems using the Accelator because it was set up for IE. So, just watch out for that if you don't use IE. I had to manually configure localhost as a HTTP Proxy under Mozilla preferences before it would work.