Re: Unsafe handlers revisited - Now Fixed
Re: Unsafe handlers revisited - Now Fixed
- Subject: Re: Unsafe handlers revisited - Now Fixed
- From: "John C. Welch" <email@hidden>
- Date: Sat, 22 May 2004 15:45:23 -0500
On 5/22/04 1:54 PM, "Sander Tekelenburg" <email@hidden> wrote:
>
> Apple have a new Help Viewer in the latest security patch.
>
>
There seems to be reason to believe that this patch only closes 1 single
>
attack possibility. See <http://www.unsanity.org/archives/000339.php>.
>
>
(I'm having trouble reproducing his claim. That's one reason I don't have any
>
details on it yet at
>
<http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/> - I only
>
link to his page. Even when I do manage to reproduce it I probably publicize
>
all the details and I hope nobody else will. I have no wish to give crackers
>
new ideas. My only goal is to give people a place where all the bad
>
information is either not available, or shown to be bad, so people can
>
protect themselves.)
Ran some tests...if you disable the disk and disks URI scheme in launch
services, the Unsanity exploit fails to do anything.
john
--
You can use Krazy Glue in lieu of surgical stitches. For when you9re, you
know, too poor to go to the emergency room. Or trying to avoid explaining
things to the police.
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.