Slashdot Mirror


Huge security hole in Internet Explorer for MacOS

Brad Lucier writes "Macintouch is reporting (go down the page a bit) that Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them." Well I guess that's one way to make Unix insecure. Can anyone actually confirm this, since it looks kinda sketchy? I wonder what someone's rationale would be for that: "Oh this won't hurt anyone, and saving that extra 'OK' click will be great!".

5 of 606 comments

  1. look in the preferences by bubbo · Score: 2, Redundant

    In the preference options, under download options, there is a checkbox for opening BinHex and MacBinary files automatically. If you are really concerned about it, turn it off.

  2. Replace IE On Any System by PRickard · Score: 2, Redundant

    For a full list of replacements for Internet Explorer on any computer system, check out the Internet Explorer listing on MSBC's The Alternative. It's worth a read to see just how many IE replacements are available, quite a few of them for Macs.

    --

    == Paul Rickard, Editor of The Microsoft Boycott Campaign ====

  3. Simple fix for the problem by DragonPup · Score: 2, Redundant

    Under IE5.1 Final for OS X, go into its preferences. Under the Receiving Files category, choose Download Options. There are 2 checked items by default: 'Automatically decode BinHex' and 'Automatically decode MacBinary'. Uncheck them both and hit OK. IE will now send those files over to StuffIt Expander, like it should. Easy, isn't it?

    -Henry

    --
    "Useless organic meatbag" -HK-47

  4. But why the HELL... by Ungrounded Lightning · Score: 1, Redundant

    You can turn off the automatic decoding of bin.hex files ...

    But why the HELL was it on by DEFAULT?

    Oh, right.

    It's a Microsoft program.

    Never mind.

    (The fact that it's for use on a non-Microsoft platform, and thus could make that platform vulnerable to malicious cracking, probably wasn't even a factor.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way

  5. Re:Not true by sugarbomb · Score: 1, Redundant

    Root may be the owner of the file, but that does not mean root owns the process when TruBlue is launched. Classic is just another application, and not a system function. As an app, the only way it gets root power is if a password is entered by an administrative user.