Slashdot Mirror


Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

5 of 197 comments

  1. Wow by mcgroarty · · Score: 5, Funny
    I've got to hand it to Apple...

    "help:runscript=..."

    No double-decode, unicode obfuscation, or CMD.EXE parms. Even the exploits are user-friendly!

  2. That's it.. by Carlos+Silva · · Score: 5, Funny

    I'm switching to Windows!

  3. Good days ahead by vijaya_chandra · · Score: 5, Funny

    First signs that Apple's really in competition with Microsoft

  4. HA HA HA by zulux · · Score: 4, Funny

    I SO GLAD MY TRS-80 COCO ISENT
    VULNERABLE TO THIS. ALL YOU PE
    OPLE WITH FANCY GUI COMPUTERS
    WILL REGRET IT SOME DAY.

    OK
    ?
    OK
    ?

    (Lameness filter encountered. Post aborted!
    Reason: Don't use so many caps. It's like YELLING.)

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  5. on a totally unrelated note... by ansleybean · · Score: 2, Funny

    I'd like to announce the unveiling of my new website, http://www.iwilltotallyhax0ryourmac.com/evil_page.htm