troubleshooting/tutorials/security
05/18/2004, 5:45pm, EDT
Tuesday, May 18th
Details on Mac OS X/Safari security vulnerability
eWEEK has a follow-up report on the Mac OS X/Safari security vulnerability first noted by MacNN yesterday: "The issue revolves around two URI handlers, 'help' and 'disk.' The first allows any AppleScript on the user's machine to be run, while the second allows users to mount a disk image automatically over a network. In theory, this allows malicious users to create a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command— including ones to remove any file in the user's Home directory. The flaw works with any browser, including Safari, Internet Explorer, and Firefox." One reader has posted a webpage that offers details on the problem and several examples of scripts that will automatically execute when viewing a page [warning: clicking on the link will execute an non-destructive 'du' command in the terminal as an example] Isophonic.net has released a third-party fix for the security vulnerability: GURLfriend 1.0.
Filed under: troubleshooting
,
, 23
,
,
,
,
,
,

subscribe to comments
for this article
on «event helphdhp» (completeParam)
-- localizable text
set cancelBtn to "Cancel"
set errorText to "The item cannot be opened. It may be disabled or not installed."
--end localizable text
try
display dialog "Something is trying to run: " & completeParam buttons {"Allow", "Deny"} default button 2 with icon 0
set buttonPressed to (button returned of result)
if (buttonPressed is "Allow") then
tell application "Finder"
open file completeParam of the startup disk
end tell
end if
on error errMsg number errNum
display dialog errorText buttons {cancelBtn} default button 1 with icon 0
return
end try
end «event helphdhp»
Sure, one could say the axiom of don't download/open/click/visit whatever from unsuspecting people but we know that do not work in real life.
The next step is would be for someone to write a mail.app script that sends out e-mail to everyone on ones Address Book, spoofs the return address and includes a link and then executes that command on the user's own machine. Voila! The first OS X virus!
(Shudders)
Now if the vulnerability allows the script to elevate itself as the superuser (root), that would be a different story. But as it stands now, I don't think that it will happen any time soon.
Example? Proof?
Nope. Just FUD.
Here, ibmjones, click on this link over here....
Just because you don't think it is serious does not mean it is not serious.
Apple did modify the basics of UNIX - I would call case insensitivity and unexpected naming of system directories basic enough. Whether I would call it "compromised" is another question, however.