Text Size
Another URI exploit in Mac OS X?
updated 11:40 pm EDT, Fri May 21, 2004
Another URI exploit?
A MacNN reader points to yet to protect Mac OS X until an official fix is available from Apple.
Hot Stories
Add Your Comment
Login Here
AAPL Stock: 204.44 ( 0 )
Network Headlines
- MacNN
- Electronista
- iPodNN
- DealNN
Most Commented
Most Commented
- Microsoft: mobile apps aren't important (27 comments)
- Jobs: Forced name change 'not that big of a deal' (25 comments)
- Ballmer: it "matters" that Apple has gained share (20 comments)
- Microsoft roadmap puts Windows 8 in 2012 (20 comments)
- Verizon seen turning to Palm; Droid "disappoi... (17 comments)
- AT&T strikes back at Verizon with new 3G comm... (16 comments)
- Briefly: Magic Mouse for Windows, smoke voids... (16 comments)
- Apple calls for permanent injunction against ... (15 comments)
- Buffalo intros USB 3.0 external hard drive (12 comments)
- Gameloft sells 400X more iPhone games than Android (12 comments)
- Dell misses targets, sees income plunge 54% (12 comments)
- Dell Adamo XPS to ship just days before Christmas (12 comments)
- Microsoft opens store-in-store at Saks 5th Avenue (11 comments)
- Verizon: AT&T sued over 3G ads because "the t... (11 comments)
- Belgian theft grabs approximately $3 million ... (11 comments)
Recent Reviews
Netgear Powerline AV Adapter Kit
what's in the box, and setting up The Netgear kit is positioned as a fix for a home entertainment system, and accordingly comes wi ...
Photo Mechanic
If you shoot hundreds of photos every time you use your camera, you may not be happy with the way iPhoto handles large batches of file ...
iMac 27-inch with Core i5
design updates: something borrowed, something blue Ever since the iMac G5 debuted over five years ago, Apple has taken to a surpris ...
Most Popular
Most Popular
- Early Core i9 tests show up to 50% boost
- Review: Netgear Powerline AV Adapter Kit
- Ommwriter word processor offers Zen-like meditative focus
- Best Buy cuts Mac prices ahead of Black Friday
- Apple hints at November 27th online sales special
- Apple I system on auction through eBay
- Apple Black Friday deals leak online
- FileSalvage 7 runs on Snow Leopard, upgrades interface
- Dell slips out Studio 17 with touchscreen
- Apple's App Store API screening flawed, says developer
- Multi-carrier iPhone in France doubles sales
- Pogoplug updated with 4 USB ports, automatic media sync
- TomTom to ship iPod touch-specific car kit
- Microsoft roadmap puts Windows 8 in 2012
- Twelve South releases BassJump USB subwoofer for MacBooks
connect tools
Only works for 10.2...
05/22, 12:11am reply
Only works for 10.2.8 Jaguar, and in the security patch for this version of os x it's already patched...
The update for 10.2.8 says:
"Security Update 2004-05-24 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
HelpViewer
Terminal"
coolkamio
Fresh-Faced Recruit
Joined: May 2004
Re: Only works for 10.2
05/22, 01:25pm reply
Thanks for this information.
deasys
Fresh-Faced Recruit
Joined: Aug 2001
This is huge
05/22, 04:24pm reply
why isn't this front page news on every mac site? I guess they don't want it to get too much publicity before a fix is in place?
VValdo
Dedicated MacNNer
Joined: May 2001
Is it just me?
05/23, 10:24am reply
While these things need to be fixed for sure, it seems to me things were overblown this week. It's not a virus, not a worm, isn't self propogating. How many people do you know that were impacted by this? I'd say likely none of you do. So while it needs to be fixed, let's keep some perspective here.
Too Artificial
Forum Regular
Joined: Mar 2003
Overblown?
05/24, 03:23am reply
I doubt you are this kind to Microsoft.
klinux
Senior User
Joined: Jul 2002
Not overblown
05/24, 05:26am reply
This is a genuine and very serious security flaw.
CharlesS
Posting Junkie
Joined: Dec 2000
Scary flaw
05/24, 02:35pm reply
This flaw is the most serious possible: what this means is that Apple is using the same broken design Microsoft implemented in 1996 or so, when they integrated the "browser' and the "desktop". I knew Apple had been moving towards a more integrated environment, and had expressed my concerns to Apple and online, but I didn't know when the other shoe was going to drop and what the symptom would be... I just knew it was coming.
Well, here it is. The real fix is to completely separate the 'helper' type->handler resolution into two separate sections: one for trusted references generated by local applications that know they are local and that already have local access; and one for untrusted references embedded in documents. ANY document, whether local or remote, should not be able to cause the launch of any helper unless that helper is known to be prepared to deal with untrusted data.
Not "unless it's not known to have a flaw", but unless it is known to be designed to expect untrusted data.
If Microsoft had done that almost a decade ago there would have been about 90% fewer virus and worm incidents in the Windows world. If Apple doesn't do it, they will soon lose the cachet of being "virus free by design" that they have now.
revargent
Fresh-Faced Recruit
Joined: Jun 2003