A new security issue has apparently been found in Safari. What does it mean? That some features should not exist, regardless of how secure an application is.
According to Heise Online, a security vulnerability has been found in Safari that allows shell scripts to be executed under certain conditions, provided the “Open Safe files after downloading” option is checked. Of course, one could argue this is hardly an issue, given that any “reasonable” user would uncheck that option first thing upon delivery of his computer.
Yet that option is enabled by default and, to the average user, clearly states it is innocuous. While alternative browsers such as Camino explain that “Open[ing] downloaded files” could “make your computer vulnerable to damaging programs”, Safari, the browser aimed at the regular consumer, downplays the risks of such behavior — and, frankly, who would question Apple’s own wording in its default browser?
So, what is this entry about? Bashing Apple for implementing yet another insecure feature? Not really. Indeed, I believe “Open downloaded files” is actually a nifty trick that makes many complex operations transparent to beginners, especially the installation of legitimate software. In that, I understand and appreciate Apple’s original idea: make things easy, simple and straightforward. It may even be more secure, as this forces the browser to run a security check on the files to determine what an archive contains, something your average beginner might not do if he were to open archives in StuffIt with a simple double-click.
Yet one has to wonder. Internet Explorer is constantly criticized and constantly hacked because of its ability to execute programs automatically. Outlook Express was almost banned from most corporations a while ago for the same reasons. In fact, it seems that every time an application accepts executables from the outside world and processes them automatically, someone finds a way to exploit it, no matter how secured, protected or isolated it is made. This in many ways reminds me of horses that, while defeated by the most standard of locks found on stable doors for centuries, constantly find ways around newfangled mechanisms that include automatic latches and button-press emergency release latches. Anybody banging on a door long enough, softly enough and with enough perseverance will be able to cheat the mechanism.
This brings us back to a problem we saw in the Mac world many times already. This time, it’s not evil widgets or fake MP3 files. It’s a shell script extravaganza. Safe files, you said? (Yes, I know, with quotes.)