After two sightings of Mac OS X worms were reported earlier this month, a new critical flaw has now been discovered in the operating system, according to security firms.

Similar to Microsoft Windows, the new Mac OS X flaw is based on exploiting a common feature. Since Mac OS X considers .zip files safe, it automatically opens them, which allows crackers to embed malicious code in a .zip file for distribution, and unfortunately, this process takes place automatically, without user intervention.

The malicious code could include spyware application and rootkits that the user can attract by visiting specially coded websites or receiving a file as an e-mail attachment.

In versions prior to 10.4, the operating system required the user to take an action before unzipping a .zip file, but unfortunately Apple has removed this functionality in its latest version of the OS.

While Secunia, a security website, placed the flaw under “Extremely Critical” category and suggested a method to avoid getting hit by disabling the auto-run feature in Safari, SANS Internet Storm Center, however, said this is only a temporary fix and that users are still under threat.

Related Articles:
- Subscribe to CoolTechZone.com's RSS Feed

SANS recommends that users move the Terminal application to a different folder and don't open attachments from unknown senders.

Though no patch has been issued to date, Apple Computer commented that it's working on fixing the flaw as soon as possible.