• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: disk:// and help:// security problems
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: disk:// and help:// security problems

  • Subject: Re: disk:// and help:// security problems
  • From: Gregory Weston <email@hidden>
  • Date: Tue, 18 May 2004 07:11:08 -0400
On May 18, 2004, at 1:00 AM, Allan Odgaard wrote:

Also the user must have auto-open 'safe' downloads turned on _and_
have his/her download location known to the attacker (probably
~/Desktop).

Let index.html have two frames, the first with a disk:-URL to a
disk-image and let the second use meta-refresh with a small delay and
the new target
help:runscript=/Volumes/DiskImageWeJustMounted/Dangerous.scpt -- it's
that simple!

But, as Jonathan pointed out, it fails if 'Open "safe" files after downloading" is off. Now _I_ don't understand why that option is on by default. I found it extremely annoying that I noticed it happening. And I turned it off. It's that simple.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

  • Follow-Ups:
    • Re: disk:// and help:// security problems
      • From: Nicko van Someren <email@hidden>
  • Prev by Date: Re: better image scaling?
  • Next by Date: Re: improving numerical applications performance
  • Previous by thread: Re: disk:// and help:// security problems
  • Next by thread: Re: disk:// and help:// security problems
  • Index(es):
    • Date
    • Thread