View this article at: http://www.macnn.com/articles/04/05/18/mac.os.x.safari.security/
Tuesday, May 18, 2004 5:45pm
Details on Mac OS X/Safari security vulnerability
eWEEK has a follow-up report on the Mac OS X/Safari security vulnerability first noted by MacNN yesterday: "The issue revolves around two URI handlers, 'help' and 'disk.' The first allows any AppleScript on the user's machine to be run, while the second allows users to mount a disk image automatically over a network. In theory, this allows malicious users to create a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command—including ones to remove any file in the user's Home directory. The flaw works with any browser, including Safari, Internet Explorer, and Firefox."

One reader has posted a webpage that offers details on the problem and several examples of scripts that will automatically execute when viewing a page [warning: clicking on the link will execute a non-destructive 'du' command in the terminal as an example].

Isophonic.net has released a third-party fix for the security vulnerability: GURLfriend 1.0.