Don't go there GURLfriend!

Fixes the help:// exploit

Version:  1.1

Tweaking a preference helps?

Feedback Type:  Commentary

Contributed by: clvrmnky Tuesday, May 18 2004 @ 08:16 PM PDT

Product Platform: MacOSX

Used Product For: Have Not Tried

Wouldn't clearing the Safari preference that controls auto-open of "safe" files after downloading stop most implementations of this exploit at its source? My understanding is that this exploit is taking advantage of the fact that the attacker knows the pathname of an executable because they gave it to you in the form of a disk image.

Comments

Tweaking a preference helps? - clvrmnky

To clarify, disabling auto-mount on download makes it hard for someone to give you a disk image that contains, say, an AppleScript that contains "rm -rf $HOME". However, clever coders can just guess at a nice script that you might already have in standard places. Allowing URLs to run arbitrary apps is probably not a good idea.

So, I thought I'd mention "More Internet" as well, as you can use this custom pref panel to change the help:// protocol to something besides the Help application, if you are really paranoid about this.

Personally, I'm just going to review my various AppleScripts to see if any of 'em are all that dangerous.

Yup. It's a bug. A nasty one. Welcome to Windows-strength exploits, y'all.

Tuesday, May 18 2004 @ 08:29 PM PDT