Security firm Secunia on Tuesday documented a possible exploit in Apple’s Safari Web browser that the company describes as “extremely critical.” Secunia calls the exploit Mac OS X “__MACOSX” ZIP Archive Shell Script Execution, and advises Mac users to take simple action to avoid the problem.
A preference setting in the Safari Web browser can lead to the execution of a malicious shell script, renamed to a “safe” extension in a ZIP archive, according to the security alert.
That preference allows the Mac to automatically open “safe” files after downloading them. So-called safe files include movies, pictures, sounds, PDF and text documents, disk images and other archives.
If a shell script is renamed so that it carries an extension Safari treats as “safe,” systems that have this preference turned on can automatically execute the script, and this can be exploited by someone with malicious intentions, according to Secunia.
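For defenders screening downloads, the mismatch described above (script content under a “safe” extension inside a ZIP archive) can be checked before anything is opened. The following is an added example, not code from Secunia, Apple or Macworld; the extension list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions standing in for the "safe" categories the article lists
# (movies, pictures, sounds, PDF, text). The exact list is an assumption.
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp3", ".pdf", ".txt"}


def find_disguised_scripts(zip_bytes):
    """Return entries that have a "safe" extension but start with a shebang."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        names = set(archive.namelist())
        for info in archive.infolist():
            name = info.filename
            # Skip directories and the archive's own __MACOSX metadata entries.
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            if posixpath.splitext(name)[1].lower() not in SAFE_EXTENSIONS:
                continue
            with archive.open(info) as fh:
                head = fh.read(2)
            if head == b"#!":
                # Note whether a per-file companion entry exists under __MACOSX/.
                folder, _, base = name.rpartition("/")
                meta = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
                findings.append({"entry": name, "has_macosx_metadata": meta in names})
    return findings


def build_sample(disguised):
    """Constructed in-memory archive; harmless content, placeholder metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        if disguised:
            archive.writestr("holiday.jpg", "#!/bin/sh\necho constructed sample\n")
            archive.writestr("__MACOSX/._holiday.jpg", b"constructed placeholder")
        else:
            archive.writestr("holiday.jpg", b"\xff\xd8\xff\xe0 constructed header")
        archive.writestr("notes/readme.txt", "plain text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("disguised", True), ("clean", False)):
        print(label, find_disguised_scripts(build_sample(flag)))
```

A shebang check only catches scripts that declare an interpreter on the first line, so it complements rather than replaces turning the preference off.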
Secunia has developed a safe test to show you if your system is vulnerable. The test will cause the Mac OS X “Calculator” application to start up after you click on a link.
The solution is to uncheck the preference setting, “Open ‘safe’ files after downloading” — available from the General tab in Safari’s Preferences.
Macworld’s tests show that the Safari preference setting is turned on by default in a newly installed Mac OS X v10.4.5 partition — a situation confirmed by Secunia in its own evaluation.
This is the third documented security exploit on Mac OS X in recent days. Last week saw the emergence of OSX/Leap-A, malware code designed to spread through iChat. A “proof of concept” malware called Inqtana.A was also identified — this exploited a flaw in Bluetooth security that Apple patched in mid-2005.

