Dashboard Widgets do not autoinstall

MacSlash | Dashboard Widgets From The Dark Side

This story has been making the rounds today.

Thad’s right, a new Dashboard widget dubbed “Zaptastic” is more or less a prof of concept that will infect your system if you visit a page that has prime to exploit this flaw.

Except that it doesn’t quite do that.

This is actually a new variation on an old exploit. Namely, don’t allow Safari to open “safe” concept. You may remember it from a year or so ago. It’s why they have the checkbox to disable it. They should have it disabled as a default, but someone apparently likes the auto-expanding feature.

Anyways, tell Safari not to Open “Safe” files after downloading, and you needn’t fear such things. You should still be sure to verify the trustedness of any widgets before using them, however.