Slashdot Mirror


Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

3 of 197 comments (clear)

  1. Wow by mcgroarty · · Score: 5, Funny
    I've got to hand it to Apple...

    "help:runscript=..."

    No double-decode, unicode obfuscation, or CMD.EXE parms. Even the exploits are user-friendly!

  2. That's it.. by Carlos+Silva · · Score: 5, Funny

    I'm switching to Windows!

  3. Good days ahead by vijaya_chandra · · Score: 5, Funny

    First signs that apple's really in competition with Microsoft