6.3 Disable the automatic run of safe files in Safari

Information

Hackers have taken advantage of this setting via drive-by attacks. These attacks occur when a user visits a legitimate website that has been corrupted. The user unknowingly downloads a malicious file either by closing an infected pop-up or hovering over a malicious banner. The attackers make sure that the malicious file type will fall within Safari's safe files policy and will download and run without user input.

Solution

Perform the following to implement the prescribed state:
1. Open Safari
2. Select Safari from the menu bar
3. Select Preferences
4. Select General
5. Uncheck Open 'safe' files after downloading
Alternatively run the following command in Terminal:
defaults write com.apple.Safari AutoOpenSafeDownloads -boolean no

See Also

https://workbench.cisecurity.org/files/300

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Unix

Control ID: 254a55361738f5273e06aaf9fa7be125be6823e062c14812d60008e96d8aeb56