Re: Unsafe handlers revisited - Now Fixed
Re: Unsafe handlers revisited - Now Fixed
- Subject: Re: Unsafe handlers revisited - Now Fixed
- From: Sander Tekelenburg <email@hidden>
- Date: Sun, 23 May 2004 09:59:56 +0200
At 15:45 -0500 UTC, on 2004/05/22, John C. Welch wrote:
>
On 5/22/04 1:54 PM, "Sander Tekelenburg" <email@hidden> wrote:
>
>
>> Apple have a new Help Viewer in the latest security patch.
>
>
>
> There seems to be reason to believe that this patch only closes 1 single
>
> attack possibility. See <http://www.unsanity.org/archives/000339.php>.
>
>
>
> (I'm having trouble reproducing his claim. That's one reason I don't have
>
>any
>
> details on it yet at
>
> <http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/> - I
>
>only
>
> link to his page. Even when I do manage to reproduce it I probably publicize
>
> all the details and I hope nobody else will. I have no wish to give crackers
>
> new ideas.
That was of course meant to say "I probably *won't* publicize all the details".
But the news of this much bigger hole is spreading like crazy now (which
helped me understand it too) over Web sites and newsgroups. So I've decided
to go public (tried hard to avoid turning it into a manual). No doubt the bad
guys already know how to abuse this. Time to get the good guys informed.
[...]
>
Ran some tests...if you disable the disk and disks URI scheme in launch
>
services, the Unsanity exploit fails to do anything.
I hate to disappoint you but: only the one that uses the disk scheme schemes.
There appear to be plenty more schemes that are more than willing to mount
remote disk images. Already 2 POCs that use ftp have been published. Are you
going to disable ftp too?
Read my update at
<
http://www.euronet.nl/~tekelenb/playground/security/URLschemes/>.
The good news is that clearly none of this has anything to do with
AppleScript (assuming the applescript: URL scheme is safe) so AppleScript's
good name hopefully won't be trashed any further ;) So let's move this thread
elsewhere. <
news:comp.sys.mac.system> is appropriate.
--
Sander Tekelenburg, <
http://www.euronet.nl/~tekelenb/>
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.