• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Unsafe handlers revisited - Now Fixed
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unsafe handlers revisited - Now Fixed


  • Subject: Re: Unsafe handlers revisited - Now Fixed
  • From: "John C. Welch" <email@hidden>
  • Date: Sat, 22 May 2004 15:45:23 -0500

On 5/22/04 1:54 PM, "Sander Tekelenburg" <email@hidden> wrote:

>> Apple have a new Help Viewer in the latest security patch.
>
> There seems to be reason to believe that this patch only closes 1 single
> attack possibility. See <http://www.unsanity.org/archives/000339.php>.
>
> (I'm having trouble reproducing his claim. That's one reason I don't have any
> details on it yet at
> <http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/> - I only
> link to his page. Even when I do manage to reproduce it I probably publicize
> all the details and I hope nobody else will. I have no wish to give crackers
> new ideas. My only goal is to give people a place where all the bad
> information is either not available, or shown to be bad, so people can
> protect themselves.)

Ran some tests...if you disable the disk and disks URI scheme in launch
services, the Unsanity exploit fails to do anything.

john

--
You can use Krazy Glue in lieu of surgical stitches. For when you9re, you
know, too poor to go to the emergency room. Or trying to avoid explaining
things to the police.
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.


  • Follow-Ups:
    • Re: Unsafe handlers revisited - Now Fixed
      • From: Sander Tekelenburg <email@hidden>
References: 
 >Re: Unsafe handlers revisited - Now Fixed (From: Sander Tekelenburg <email@hidden>)

  • Prev by Date: Re: Panther Help Viewer Problem Fixed [OT]
  • Next by Date: Re: Variable renaming and managing a folder
  • Previous by thread: Re: Unsafe handlers revisited - Now Fixed
  • Next by thread: Re: Unsafe handlers revisited - Now Fixed
  • Index(es):
    • Date
    • Thread