troubleshooting/tutorials/security

05/21/2004, 11:40pm, EDT

Friday, May 21st

Another URI exploit in Mac OS X?

A MacNN reader points to yet another URI exploit in Mac OS X, not fixed in the recent Apple Security Update, that allows malicious users to embed links that can launch the Terminal application and potentially delete files: "In addition to the 'disk:', 'disks:', and 'help:' URI protocols mentioned yesterday, you should also turn off the 'telnet:' protocol. By default, it’s assigned to Terminal; I recommend using RCDefaultApp to set it to 'disabled'." Update: Unsanity describes yet another exploit method in a new white paper on not-yet-fixed security issues and offers an update to the freeware Paranoid Android 1.1 to protect Mac OS X until an official fix is available from Apple.


Filed under: troubleshooting

, , 8comments, del.icio.us, slashdot, digg, buzz


8 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
coolkamio
Only works for 10.2...
0
05/22, 12:11am, EDT
Only works for 10.2.8 Jaguar, and in the security patch for this version of os x it's already patched...

The update for 10.2.8 says:
"Security Update 2004-05-24 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

HelpViewer
Terminal"
Fresh-Faced Recruit
Joined May 2004
User is offline
deasys
Re: Only works for 10.2
0
05/22, 1:25pm, EDT
Thanks for this information.
Fresh-Faced Recruit
Joined Aug 2001
User is offline
VValdo
This is huge
0
05/22, 4:24pm, EDT
why isn't this front page news on every mac site? I guess they don't want it to get too much publicity before a fix is in place?

Dedicated MacNNer
Joined May 2001
User is offline
Too Artificial
Is it just me?
0
05/23, 10:24am, EDT
While these things need to be fixed for sure, it seems to me things were overblown this week. It's not a virus, not a worm, isn't self propogating. How many people do you know that were impacted by this? I'd say likely none of you do. So while it needs to be fixed, let's keep some perspective here.
Forum Regular
Joined Mar 2003
User is offline
klinux
Overblown?
0
05/24, 3:23am, EDT
I doubt you are this kind to Microsoft.
Senior User
Joined Jul 2002
User is offline
CharlesS
Not overblown
0
05/24, 5:26am, EDT
This is a genuine and very serious security flaw.
Posting Junkie
Joined Dec 2000
User is online
revargent
Scary flaw
0
05/24, 2:35pm, EDT
This flaw is the most serious possible: what this means is that Apple is using the same broken design Microsoft implemented in 1996 or so, when they integrated the "browser' and the "desktop". I knew Apple had been moving towards a more integrated environment, and had expressed my concerns to Apple and online, but I didn't know when the other shoe was going to drop and what the symptom would be... I just knew it was coming.

Well, here it is. The real fix is to completely separate the 'helper' type->handler resolution into two separate sections: one for trusted references generated by local applications that know they are local and that already have local access; and one for untrusted references embedded in documents. ANY document, whether local or remote, should not be able to cause the launch of any helper unless that helper is known to be prepared to deal with untrusted data.

Not "unless it's not known to have a flaw", but unless it is known to be designed to expect untrusted data.

If Microsoft had done that almost a decade ago there would have been about 90% fewer virus and worm incidents in the Windows world. If Apple doesn't do it, they will soon lose the cachet of being "virus free by design" that they have now.
Fresh-Faced Recruit
Joined Jun 2003
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com

Click Now for Great Deals on FUJITSU Products!: Limited Time Offer on Lifebook Notebooks, Tablet PCs, and Ultra-Mobile PCs!

Get Special Offers on LENOVO Mobility Solutions!: TopSeller Desktops, affordable Notebooks, and much more while supplies last!

Get Special Rebates on SONY Mobility Solutions!: Synnex Resellers - Take advantage of Special Offers on a variety of Notebook series from Sony today!

Check out Rebates on MOTION COMPUTING Tablets!: Perfect for any Healthcare provider! Buy now and get rebates on Motion C5 and LE1700 Tablet PCs!

VMware Fusion for $59.99 - limited time offer: Run Windows on a Mac without rebooting with VMware Fusion

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.