Slashdot Mirror


Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

3 of 197 comments

  1. Re:Other browsers also affected by swotl · Score: 0, Offtopic

    Oh, and by the way - I am implying that Opera is based on core KDE originated libraries - something they've so far claimed it is not. They're LGPL'ed so it's probably no legal problem - but it kinda stinks.

    --
    -
    sig sig sputnik
  2. Re:Pudge, you got it WRONG! More serious than this by Captain Pedantic · Score: 0, Offtopic

    Normally, people who don't get 'their' submission accepted are the biggest whiners on Slashdot, so I'd be on your side.

    However, if it is true that you don't need to have "auto opening of safe files" turned on, then you have done a lot of your Mac-using readers a disservice (e.g., these). How about a quick correction?

    --

    None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
  3. Re:Is this worth a story? by DAldredge · Score: 0, Offtopic

    How damn hard would it be to add spell check to this damn site?