A new security vulnerability in Safari has been identified by security experts at Secunia.

The company - which rates the flaw as “extremely critical” - says that the vulnerability was discovered by a source outside the company, Michael Lehn.

It can be exploited by malicious people to compromise a user's system, it warns.

The vulnerability is caused by an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives.

“This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive,” Secunia warns.

It can also be exploited automatically by Safari when visiting a malicious website.

The company has released a test users can run to check if their system has been affected.

The vulnerability has been confirmed on an up-to-date system running Safari 2.0.3 (417.8) and Mac OS X 10.4.5.

Users can mitigate the threat by disabling the "Open safe files after downloading" option in Safari.