05/24/2004, 7:35am, EDT

Monday, May 24th

Mac OS X: still vulnerable to URI exploit after patch

Secunia confirms that Apple's recent security update does not resolve the security issues related to the previously outlined URI Handler Registration Code Execution Vulnerability, which it continues to describe as "extremely critical." Secunia says "this problem is escalated due to the fact that it by default is possible to silently download and mount disk images using two known methods (silent download and execution of 'safe' files and the 'disk' URI). Furthermore, it is reportedly also possible to mount volumes using other methods such as SMB, AFS, FTP, DAV and others."


15 comments
Paranoid Android
0
05/24, 9:47am, EDT
Seems to be the way to go for now... check out the unsanity.com website.
Fresh-Faced Recruit
Joined Mar 2002
Huh?
0
05/24, 9:59am, EDT
Would someone PLEASE show me this web site that actually contains an exploitive link?

And be careful before you install haxies. Not all of them work flawlessly with current OS versions and certainly not future ones.
Fresh-Faced Recruit
Joined Aug 2001
WTF?
0
05/24, 10:00am, EDT
What kind of name is "Secunia"?
Fresh-Faced Recruit
Joined Aug 2001
Re:Huh
0
05/24, 10:12am, EDT
Do you mean a link that demonstrates the bug, or a link that actually does something harmful? For the former, just go to unsanity's web site (if your aversion to haxies doesn't preclude you from doing this). For the latter, there are no known instances, but then again, who knows, since what could be done could very well be more sniffing than destructive.

I laugh at the people who post around here (like they did over the weekend or last week) that this is all FUD or overblown because there's no exploit in the wild. No one says any of this when MS announces security fixes or people announce holes. They just say "Look how many security holes fill Redmond, Washington", even if no exploits exist, or even likely to appear. And then when an exploit appears afterwards (after the fix has been released) they get slammed again for having such crappy security. (And most of the slams against MS actually come from Trojans, that people have to open, lately, not viruses or worms).

Well, Apple's got a huge security hole here, and it's only a matter of time for someone to try to exploit it. Several problems were made public, one of which was fixed. But just because there's no exploit doesn't mean it's serious. The fact is, the mere decision to open your web browser could infect your system in who knows how many ways, from trashing your home directory (and people who say "It's only my home directory, they can't touch the system" seem to miss a minor but important point: Between the two, I'd rather have my system wiped out and my home directory safe, than have my home directory wiped out and my system safe) to installing keyboard sniffers to installing trojans or viruses for malicious use later (you know, like DDOS attacks and the like).

Mac folk really need to get their heads out of the sand when it comes to security.
Fresh-Faced Recruit
Joined Aug 2001
Little Snitch
0
05/24, 10:15am, EDT
BTW, on Macintouch, one of their readers (and they themselves) suggest using Little Snitch to help stop this. Anyone have any idea how this could help this problem?
Fresh-Faced Recruit
Joined Aug 2001
Well you should be able
0
05/24, 10:30am, EDT
to protect yourself if you create a new empty account for internet surfing without admin privileges. They might get access to your computer, but they won't have anything to delete, as the account is empty.
Fresh-Faced Recruit
Joined Sep 2003
Article flawed
0
05/24, 10:36am, EDT
You cannot disable smb, cifs, or nfs as they are not protocol handlers.
Forum Regular
Joined Aug 2001
Haxies...
0
05/24, 10:56am, EDT
Are mostly harmless and EASILY removed. I have not had any issues with Fruit Menu or WindowShade, other than the Haxie not always running correctly when a new version of the OS comes out. I think I'll stick with Paranoid Android until Apple comes out with a fix. It's certainly better than NOTHING.
Fresh-Faced Recruit
Joined Mar 2002
Re:Re:Huh? Calm down
0
05/24, 11:37am, EDT
"No one says any of this when MS announces security fixes or people announce holes."

That is because there are DOCUMENTED examples of people exploiting the holes in MS's crappy OS.

"Between the two, I'd rather have my system wiped out and my home directory safe, then have my home directory wiped out and my system safe)"

Most Mac users are smart enough to know to back up their home directory, please don't insult us. Re-installing an entire system after you get it fully configured for whatever applications you use is NOT an option for people who MUST GET WORK DONE on a deadline.

"Mac folk really need to get their heads out of the sand when it comes to security."

Intelligent people know the difference between a REAL threat and a PERCEIVED threat.
Have a great day!
Fresh-Faced Recruit
Joined Aug 2001
Exactly
0
05/24, 12:30pm, EDT
Exactly, all it takes is for someone to post some malformed links or write a mail script to send the link out via e-mail and then you got the "in the wild" proponent fulfilled!

This is a serious security risk and all Mac users should acknowledge the seriousness of it.
Senior User
Joined Jul 2002