Software code that can exploit a hole in Apple's Safari Web browser was added to a popular hacking tool on Feb. 22, raising the risks of attack for Apple Mac users.

So-called "shell code" that takes advantage of a security flaw in Safari's "safe file" feature was added to the Metasploit framework on Feb. 22 and a copy of the script was posted on FrSIRT.com, a software vulnerability and exploit Web site.

Apple did not immediately respond to a request for comment. On Feb. 21, the company said that it takes security very seriously and was working on a fix for the Safari vulnerability.

The hole was first reported on Feb. 20 after security researcher Michael Lehn, a graduate student at the University of Ulm, in southern Germany, documented a problem with Safari's handling of shell commands.

The security hole could be exploited by files that were downloaded directly from a Web page and without any user interaction.

READ ARTICLE