Slashdot Mirror


Safari Falls Victim to Remote Code Exploit

A user writes, "A new vulnerability has been found in Mac OS X's Safari, which will launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', assuming a known path (which is possible when Safari is set to automount disk images (which is the default)). A nice working demonstration is available on insecure.ws while the incident has been reported on Full-Disclosure."

7 of 197 comments

  1. Re:Pudge, you got it WRONG! More serious than this by Anonymous Coward · · Score: -1, Offtopic
    Well I tried to save this post from the fate of -1 but it seems there are other moderators out there who like to suppress information like this.

    THIS IS NOT FLAMEBAIT YOU TWITS!!!

    p.s. posted anonymously to save my positive moderation on the comment.

  2. Re:Other browsers also affected by swotl · · Score: 0, Offtopic

    Oh, and by the way - I am implying that Opera is based on core KDE originated libraries - something they've so far claimed it is not. They're LGPL'ed so it's probably no legal problem - but it kinda stinks.

    --
    -
    sig sig sputnik
  3. Re:Pudge, you got it WRONG! More serious than this by jdb8167 · · Score: -1, Offtopic

    Someone please mod the parent up. The exploit is possible even if you don't have open safe files turned on.

    The parent poster is correct and it isn't flamebait. The original story is not completely accurate.

  4. Re:Pudge, you got it WRONG! More serious than this by Captain Pedantic · · Score: 0, Offtopic

    Normally, people who don't get 'their' submission accepted are the biggest whiners on Slashdot, so I'd be on your side.

    However, if it is true that you don't need to have "auto opening of safe files" turned on, then you have done a lot of your Mac-using readers a disservice (eg: these.) How about a quick correction?

    --

    None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
  5. Re:MOD PARENT DOWN by Anonymous Coward · · Score: -1, Offtopic
    yeah, what a jack ass, I can't believe he went through the trouble of providing a link not provided in the article and confirming that the fix in the article worked for him...

    modding down is too good for that sort of vile scum, let's lynch him

  6. Re:omg no by Anonymous Coward · · Score: -1, Offtopic

    u hav fish on ur penis? i hav penis in my fish! looooooooooooool!!! ekekekekekek!

    \@_@/ ...weks!!

    do u wan a hard sex wit dat fish of urs????? wowwwwwww.....

  7. Re:Is this worth a story? by DAldredge · · Score: 0, Offtopic

    How damn hard would it be to add spell check to this damn site?