~/.osx updated — sensible hacker defaults for OS X...

[chc]

If something else downloaded and opened the file, it's already owned your account, hasn't it? The horses are out of the barn at that point, right?

[brigade]

There are 3 steps needed to exploit this attack vector (assuming no wetware exploits):

1. Download the file. Any website can do this by design.

2. Get LaunchServices to open the file. This requires at least one vulnerability.

3. Bypass quarantine. This requires at least one additional vulnerability.