Slashdot Mirror


Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

2 of 197 comments (clear)

  1. Um, what privilidges does it run at? by Llywelyn · · Score: 5, Insightful


    From the bulletin:
    ---------------
    This can potentially wipe the entire hard-disk (or large parts of it),
    if a hacker runs a script with "rm -rf /" included.
    ---------------

    Unless this has a built-in privilege escalation, I don't see how this is true. If it just runs as the user (which it appears to) then you could erase the users information that way, but not the disk.

    --
    Integrate Keynote and LaTeX
  2. Re:Is this worth a story? by mcgroarty · · Score: 5, Insightful
    "It just isn't a big deal"

    One concealed tinyurl link on Slash or an Apple forum, or a tiny frame with a redirect to:

    <a href=help:runscript=/bin/rm%20-Rf%20%2f>
    is enough to run "rm -Rf /". Wiping out all user data with half a line of html isn't a big deal?

    All companies have their own share of browser bugs, but this one's a doozy, so don't play it down. Prudence says you should exercise the utmost caution or use Mozilla until there's a fix.