Another URI exploit in Mac OS X?
updated 11:40 pm EDT, Fri May 21, 2004
Another URI exploit?
A MacNN reader points to yet to protect Mac OS X until an official fix is available from Apple.
toggle
Comments
-
05/22, 01:25pm |
|
|
Re: Only works for 10.2
Thanks for this information.
-
05/22, 04:24pm |
|
|
This is huge
why isn't this front page news on every mac site? I guess they don't want it to get too much publicity before a fix is in place?
-
05/23, 10:24am |
|
|
Is it just me?
While these things need to be fixed for sure, it seems to me things were overblown this week. It's not a virus, not a worm, isn't self propogating. How many people do you know that were impacted by this? I'd say likely none of you do. So while it needs to be fixed, let's keep some perspective here.
-
05/24, 03:23am |
|
|
Overblown?
I doubt you are this kind to Microsoft.
-
05/24, 05:26am |
|
|
Not overblown
This is a genuine and very serious security flaw.
-
05/24, 02:35pm |
|
|
Scary flaw
This flaw is the most serious possible: what this means is that Apple is using the same broken design Microsoft implemented in 1996 or so, when they integrated the "browser' and the "desktop". I knew Apple had been moving towards a more integrated environment, and had expressed my concerns to Apple and online, but I didn't know when the other shoe was going to drop and what the symptom would be... I just knew it was coming.
Well, here it is. The real fix is to completely separate the 'helper' type->handler resolution into two separate sections: one for trusted references generated by local applications that know they are local and that already have local access; and one for untrusted references embedded in documents. ANY document, whether local or remote, should not be able to cause the launch of any helper unless that helper is known to be prepared to deal with untrusted data.
Not "unless it's not known to have a flaw", but unless it is known to be designed to expect untrusted data.
If Microsoft had done that almost a decade ago there would have been about 90% fewer virus and worm incidents in the Windows world. If Apple doesn't do it, they will soon lose the cachet of being "virus free by design" that they have now.
Login Here
OR
toggle
Network Headlines
toggle
Most Popular
Recent Reviews
Logitech Cube
The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...
NewerTech and Targus USB Hubs For Gifts
A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...
X-Rite ColorMunki Photo
Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...
toggle
Most Commented
10 Most Discussed
- JC Penney CEO Johnson defends choice of DeGeneres
- Leaks: whole MacBook Pro line to drop optical...
- Samsung: image quality would fend off possibl...
- Sony Music caught inflating price for Whitney...
- Google loses exclusion of incriminating mail ...
- Report: Apple's phone dominance comes from ma...
- Amazon Kindle Fire ad: three of these less th...
- Apple rumored rounding up graphics-heavy apps...
- Rumor has iPad 3's A6 chip as faster dual-cor...
- Nielsen: Samsung ad forgotten by most Super B...
- Foxconn iPad worker documents poor labor cond...
- iPad seen hitting 1m in Korea as Galaxy Tab s...
- VLC 2.0 to get Blu-ray support in OS X, 64-bi...
- Microsoft to open Austin store on Apple turf
- Kodak to stop making cameras, end era
Popular News
Fresh-Faced Recruit
Joined: May 2004
Only works for 10.2...
Only works for 10.2.8 Jaguar, and in the security patch for this version of os x it's already patched...
The update for 10.2.8 says:
"Security Update 2004-05-24 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
HelpViewer
Terminal"