It seems like just days ago that Adobe had to fix yet another critical security hole caused by their years of tarting up Acrobat (you remember, the “document reader”) with all sorts of unrelated, and generally unwanted, interactive features. Oh, wait, that was last month; it’s Flash that had critical security holes fixed two weeks ago.
Good thing you’re a security-focused company who would never do something stupid like introduce brand-new malware vectors into all of your products. Oh, wait, you’re automatically, silently processing calendar invites and photo-sharing email, no matter who they come from, encouraging spammers to inject data into your system. This not only creates annoying pop-up notifications, but adds new ways to get people to click on malware-infested URLs.
Then again, you still ship every Mac with a browser that will auto-open “safe” file formats when you download them (including… wait for it… PDF files), so maybe the real story is that you were never security-focused to begin with.
[Update: just got one of these, on my almost-never-used icloud account (so, truly random spamming attempt), and had to follow the 6-step process on icloud.com to get rid of this terrible default setting. Nitwits.]