A new security vulnerability in Safari has been identified by security experts at Secunia.
The company - which rates the flaw as “extremely critical” - says that the vulnerability was discovered by a source outside the company, Michael Lehn.
It can be exploited by malicious people to compromise a user's system, it warns.
The vulnerability is caused by an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives.
“This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive,” Secunia warns.
It can also be exploited automatically by Safari when visiting a malicious website.
The company has released a test users can run to check if their system has been affected.
The vulnerability has been confirmed on an up-to-date system running Safari 2.0.3 (417.8) and Mac OS X 10.4.5.
Users can mitigate the threat by disabling the "Open safe files after downloading" option in Safari.