Don't go there GURLfriend!

Fixes the help:// exploit

Version:  1.1

Does it change 'em all?

Feedback Type:  Commentary

Contributed by: JimT3 Wednesday, May 19 2004 @ 07:50 AM PDT

Product Platform: MacOSX

Used Product For: Have Not Tried

I haven't bothered to use this program. Instead I used More Internet to change my help:// URI handler. Not a perfect solution, but a better one.

What I'm curious about is whether or not it changes all OpenApp.scpt files on the machine. The issue doesn't exist simply with the OpenApp.scpt file within the Help Viewer app - it can be exploited for any OpenApp.scpt file that exists anywhere else.

Personally, I have 245 of them on my machine. And I have tested them - they can be exploited. So if this thing only changes the Help Viewer OpenApp.scpt one, there are still 244 open security holes. If it changes all of them, then good, it's covering it better.

Of course, the program would need to be re-run every time a new application is installed to ensure that any OpenApp.scpt files in there are changed as well.   

Comments

Does it change 'em all? - RAngol

No, but it adds more with 1.1. It's easy to get a list of what it's trying to change/patch by just opening Console or by accessing the main Sys log. I concur. Your approach is safer. But I plan to NOT run Safari again (finally chose Camino over FoxFire) until Apple patches their web kit correctly. This hack is a lot more work than simply following your suggestion. I wonder if they missed any? I don't have the time to track down a list and given the possibilities that any number of third party files may be sitting in there I'd prefer not to look. Third party? Yeah, they're not supposed to be in System/Library but take a look sometimes. ;)

Wednesday, May 19 2004 @ 04:43 PM PDT