
05/17/2004, 12:10pm, EDT

Monday, May 17th

New Safari exploit allows remote code execution?

Insecure.ws reports on a new Safari exploit, which it says allows remote websites to execute code on any machine: "there is a new Safari exploit, using a management error in the HelpViewer.app Helper which allows to execute anything on the client computer, especially when Safari Safe File Opening is activated (this is your default setting). A demo of the problem, writing a text on your hard disk and displaying is available on the Web. Apple was notified back in February and still hasn't answered or fixed the problem."


Filed under: troubleshooting

23 comments
Bound to happen..
0
05/17, 12:21pm, EDT
As OS X becomes more popular. You know OS X has hit the big time when the first adware/spyware for OS X is created!
Senior User
Joined Jul 2002
so?
0
05/17, 12:37pm, EDT
So what. It's still not as bad as Windows which can be exploited just by being on the 'net with no interaction at the keyboard.
Senior User
Joined Mar 2002
Aiiiiieeeeeee!!!!!
0
05/17, 12:44pm, EDT
Run screaming into the night! This is a time to panic, not to be rational or anything. I'm getting out my al Qaeda kit from the 'duct tape and plastic sheathing' scare from last year and sealing myself in my basement until I get the all clear!
Fresh-Faced Recruit
Joined Aug 2001
i love apple but...
0
05/17, 1:20pm, EDT
...at least microsoft addresses these problems.
Fresh-Faced Recruit
Joined May 2001
nat
ms addresses
0
05/17, 1:29pm, EDT
these problems? is that a joke? do you have any idea the number of "these problems" that microsoft let lie over the years? perhaps you're just too young to remember but microsoft has a long history of NOT addressing these problems. only since "trusted" computing have they started making an effort to plug their incredibly bugged system, you know, the system that needs plugged 3, 4, 5 times a week.
Junior Member
Joined Mar 2002
As nothing...
0
05/17, 1:34pm, EDT
This will be as nothing once the real hole introduced with Panther is found: ...://tell your mac to delete everything
Mac Enthusiast
Joined Jan 2001
This isn't
0
05/17, 1:42pm, EDT
anti microsoft or anti apple.. just goes to show that when you have millions of lines of code and questionable and somewhat sloppy programming (programs) you will get exploits!

All that's left is for OS X to have its source code stolen (see MS and Cisco) and then internet will be totally security free... :)
Fresh-Faced Recruit
Joined Jun 2000
Fix soon?
0
05/17, 1:43pm, EDT
This is a serious exploit. The script could be designed to run anything/issue any command to which the logged-in user has access.
Hopefully by making this public, Apple will get their butt in gear.
Perhaps it's fixed in 10.3.4...
Addicted to MacNN
Joined Jan 2003
InternetConfig?
0
05/17, 2:03pm, EDT
From the http://netilus.org/~insecure/ website:

"To protect yourself:
- disable auto opening of safe files in Safari (bad protection)
- change the help helper in InternetConfig (better protection) "

InternetConfig is an OS 9 program. What gives with that?
Fresh-Faced Recruit
Joined Dec 1999
IC
0
05/17, 2:06pm, EDT
InternetConfig has been implemented in MacOSX, and you can edit its values using "More Internet" for example.
You can find this application on the web
Dedicated MacNNer
Joined May 2001