Slashdot Mirror


Yet Another Mac OS X Protocol Handler Exploit

Rosyna writes "Apple just can't get any breaks lately. First the help protocol handler exploit (which has been fixed), then the telnet handler exploit, and now an exploit for any arbitrary protocol handler: make your own, then exploit it. You can auto mount a volume in Mac OS X via the disk, afp, or ftp handlers (and probably others). Paranoid Android will help prevent exploitation until Apple fixes the problem." The hole here is that when a volume with an application on it is mounted, Apple registers the application's specified protocol handlers, without additional user action. Another option is to disable those handlers that allow volume mounting, but playing that game, obviously, isn't a guaranteed win in the long run.
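An added example, not part of the original story and not code from Apple or Paranoid Android: a defender-side audit that lists which URL schemes the application bundles on a mounted volume declare, so unexpected handlers can be reviewed. It assumes the declarations sit under the standard Info.plist keys CFBundleURLTypes / CFBundleURLSchemes (key names the story itself does not give); the bundle names and the scheme in the sample volume are constructed.

```python
import os
import plistlib
import tempfile

def declared_url_schemes(app_path):
    """Return the URL schemes an .app bundle declares in Contents/Info.plist."""
    plist_path = os.path.join(app_path, "Contents", "Info.plist")
    try:
        with open(plist_path, "rb") as fh:
            info = plistlib.load(fh)
    except Exception:
        return []  # missing or unparsable plist: nothing to report
    schemes = set()
    url_types = info.get("CFBundleURLTypes", []) if isinstance(info, dict) else []
    for url_type in url_types if isinstance(url_types, list) else []:
        if isinstance(url_type, dict):
            for scheme in url_type.get("CFBundleURLSchemes", []):
                if isinstance(scheme, str):
                    schemes.add(scheme.lower())  # URL schemes are case-insensitive
    return sorted(schemes)

def audit_volume(root, allowed=frozenset()):
    """Map each .app bundle under root to the schemes it declares outside `allowed`."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name.endswith(".app"):
                app = os.path.join(dirpath, name)
                extra = [s for s in declared_url_schemes(app) if s not in allowed]
                if extra:
                    findings[app] = extra
                dirnames.remove(name)  # do not descend into the bundle itself
    return findings

def build_sample_volume(root):
    """Constructed sample: one bundle declaring a custom scheme, one declaring none."""
    samples = (("Viewer.app", [{"CFBundleURLSchemes": ["Example-Scheme"]}]),
               ("Plain.app", []))
    for name, url_types in samples:
        contents = os.path.join(root, name, "Contents")
        os.makedirs(contents)
        with open(os.path.join(contents, "Info.plist"), "wb") as fh:
            plistlib.dump({"CFBundleName": name, "CFBundleURLTypes": url_types}, fh)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        for app, schemes in audit_volume(build_sample_volume(volume)).items():
            print(app, schemes)
```

On a real system, point `audit_volume` at a mount point under /Volumes and pass the schemes you already expect as `allowed`.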


  1. Only 10.3? Weak by rixstep · Score: 0, Offtopic

    Paranoid Android is for 10.3 only. Xcode comes with the ability to 'back-compile' to 10.1.5 and 10.2.7. Offering the other images, or one image that works on all, should be no bother. Offering only 10.3 is weak - very weak.