Huge security hole in Internet Explorer for MacOS

Brad Lucier writes "Macintouch is reporting (go down the page a bit) that Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them. " Well I guess thats one way to make Unix insecure. Can anyone actually confirm this since it looks kinda sketchy. I wonder what someone's rationale would be for that:"Oh this won't hurt anyone, and saving that extra 'OK' click will be great!".

Well!

[Guillaume+Ross]

User friendly = often insecure Look at IIS !

if you're stupid enough to run an executeable

in the first place...

Dammit!

I could have had first fucking post if you would turn that damn post delay off

FUCK!!!

Re:Dammit!

yeah, and I would have been your father, except the dog best me up the stairs.

Near-Useless Security

[Giant+Hairy+Spider]

Most users don't care so much about the system files, which are just a matter of rerunning the install process. Their personal data is far more valuable to them.

Maybe this will save a little data on systems with multiple users, but we're talking about personal computers here. By definition they are primarily used by one person.

The protection offered by an administrator account is minimal.

Thanks, Apple

[green+pizza]

Didn't anyone see this coming?? I can't belive Apple would allow such a dumb "feature".

I do have one question, though... being a Unix-derrived OS, does the average user on a Mac OS X system have sufficent privlages to destroy anything outside of his home directory?

Not M$

[green+pizza]

Internet Explorer on the MAC has nothing to do with Microsoft. It's developed, published, and installed by Apple.

Re:That's OK ...

[codeforprofit2]

Oh! Mod this up! He spelled MS with a $!!!

Duh!

Don't you know? That's not a bug, it's a *feature* !!! M$ has a lot of features like that...

MAJOR SECURITY HOLE

In ass there is a security hole that allows penises to enter it without the user's consent.

more information

Re:OS 10.0.1 IE hole.

That's FIVE systems you cock gobbling fag.

Re:Intrinsic Security in OS X - It's even worse...

[MrResistor]

There have been a lot of posts saying that "savvy users will disable this" and "they'd have to be logged on as admin". I can honestly say that I don't know any savvy Mac users (not syaing they don't exist, just that I don't know any), and unfortunately the Mac isn't marketed towards savvy users. Your post has basically confirmed my worst fears. None of the Mac users I know would change their user accounts from admin to user. Even if they knew how, it would be inconvenient, and therefore unacceptable. It's kind of sad, really.

The Linux Community saw this coming years ago....

That's why we wanted *A MICROSOFT PORT OF IE TO LINUX*

Re:Preferences

[Andrewkov]

Wow, it's nice that Mac users can now enjoy the ease of use and power of Microsoft programs. I wonder if they'll want to switch to a Wintel machine after this one bites them in the ass!

Idiots

[youreanidiot]

Well I guess thats one way to make Unix insecure.

That.. and it's 10 plus year running history of remotely exploitable buffer overflows. But yeah.