Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

Wow

[mcgroarty]

I've got to hand it to Apple...

"help:runscript=..."

No double-decode, unicode obfuscation, or CMD.EXE parms. Even the exploits are user-friendly!

That's it..

[Carlos+Silva]

I'm switching to Windows!

omg no

omg no!! wat wil i do?
some1 help meeeeeeee!!!!!!!

\@O@/

Good days ahead

[vijaya_chandra]

First signs that apple's really in competition with Microsoft

HA HA HA

[zulux]

I SO GLAD MY TRS-80 COCO ISENT
VULNERABLE TO THIS. ALL YOU PE
OPLE WITH FANCY GUI COMPUTERS
WILL REGRET IT SOME DAY.

OK
?
OK
?

(Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.)

Re:Um, what privilidges does it run at?

Congratulations on completely missing the point.

Re:Pudge, you got it WRONG! More serious than this

> Also, MSIE allows changing it, and it is included with Mac OS X

Using MSIE to workaround an OS X security issue, imagine that!

Re:Changing the settings

I'm afraid to click on a URL containing "monkeyfood" in it in this kind of thread.

on a totally unrelated note...

[ansleybean]

I'd like to announce the unveiling of my new website, http://www.iwilltotallyhax0ryourmac.com/evil_page. htm

Re:No,:That won't make a difference

Opera doesn't run the links...

finally a reason to use opera