Re: Unsafe handlers revisited - Now Fixed
- Subject: Re: Unsafe handlers revisited - Now Fixed
- From: Sander Tekelenburg <email@hidden>
- Date: Sat, 22 May 2004 20:54:17 +0200
At 08:27 +0100 UTC, on 2004/05/22, Martin Orpen wrote:

> on 21/5/04 6:24 pm, Michelle Steiner at email@hidden wrote:
>
>> The help: protocol, by default assigned to Help Viewer, can be used
>> to execute script files at a known path location on your computer.
>
> Check Software Update.
>
> Apple have a new Help Viewer in the latest security patch.

There seems to be reason to believe that this patch only closes 1 single
attack possibility. See <http://www.unsanity.org/archives/000339.php>.
(I'm having trouble reproducing his claim. That's one reason I don't have any
details on it yet at
<http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/> - I only
link to his page. Even when I do manage to reproduce it I probably publicize
all the details and I hope nobody else will. I have no wish to give crackers
new ideas. My only goal is to give people a place where all the bad
information is either not available, or shown to be bad, so people can
protect themselves.)
Note that this means this exploit is much bigger and has *nothing* to do with
AppleScript, meaning it is probably quite off-topic here. Follow-ups to
poster please.
--
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>
_______________________________________________
applescript-users mailing list | email@hidden