Experts have uncovered a serious security hole in the way Apple software handles downloaded files.
The flaw could give malicious attackers a back door into Mac computers if users visit carefully crafted websites and download booby-trapped files.
Although no attackers were known to be exploiting the bug, experts said it was easy to write code to take advantage of the flaw.
Separately, three concept viruses for Apple computers have been discovered.
"This could be really bad," said a warning about the vulnerability by the widely-respected Internet Storm Center.
The discovery of the bug opens up Apple users to so-called "drive-by downloads" that plague users of the Windows operating system and are used by makers of adware and spyware to install their software on victims' PCs.
Discovered by University of Ulm student Michael Lehn, the loophole arises because of the way that Apple's OS X operating system handles downloaded files.
Although OS X displays an icon for files based on the suffix it finds on the program being downloaded, such as .jpg, it uses different criteria to decide what to do with these files.
This makes it possible to make files look benign by labelling them as images while, behind the scenes, the operating system knows it is dealing with a program and runs it as such.
Initially the flaw was thought only to affect compressed or zipped files but the Internet Storm Center said it can be used for any file that arrives on a target machine.
So far, no net-based exploits of the bug are known to be in existence but Apple is known to be working on a fix for the flaw. The operating system can also be made secure against the loophole by changing some preferences.
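A defensive check for the mismatch described above, as an added example that is not part of the original article and is not Apple's code: it flags downloaded files whose suffix suggests an image or other media file but whose content begins like a program. The article does not say which criteria OS X uses, so the leading-byte signatures, the extension list and all function names here are assumptions chosen for illustration.

```python
import os
import sys

# Suffixes a user expects to open in a viewer, never to execute (assumed list).
BENIGN_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf"}

# Leading bytes that identify executable content (assumed stand-in criteria).
EXECUTABLE_SIGNATURES = {
    b"#!": "script with interpreter line",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}

def classify_content(head):
    """Return a label if the leading bytes look executable, else None."""
    for magic, label in EXECUTABLE_SIGNATURES.items():
        if head.startswith(magic):
            return label
    return None

def is_disguised(name, head):
    """Return the executable label when a benign-looking name hides a program."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in BENIGN_EXTENSIONS:
        return None  # name does not claim to be harmless, nothing to compare
    return classify_content(head)

def scan_directory(path):
    """Walk a download folder and list (file, label) pairs that mismatch."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(4)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            label = is_disguised(fname, head)
            if label:
                findings.append((full, label))
    return sorted(findings)

if __name__ == "__main__":
    for found, why in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{found}: named like media, content is {why}")
```

A file that passes this check can still be routed to a program by metadata the check does not read, so it complements rather than replaces the preference change mentioned above.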
Proof of concept
Also reported this week were three variants of a second virus for Apple's operating system.
The new virus is called Inqtana and its three variants try to spread via Bluetooth short-range radio technology.
The risk to users from the virus is almost non-existent because the variants are only proof-of-concept bugs and none has been released into the wild.
The reports of the flaw in OS X and the virus variants make three security alerts for Apple in less than a week.