Re: disk:// and help:// security problems

  • Subject: Re: disk:// and help:// security problems
  • From: Izidor Jerebic <email@hidden>
  • Date: Sun, 23 May 2004 14:45:41 +0200

On 18 May 2004, at 18:31, Charles Srstka wrote:

On May 18, 2004, at 9:34 AM, Chilton Webb wrote:

This was considered the absolute worst security problem ever created, and I'm as amazed as everyone else that Apple decided to put this into MacOSX.

I am amazed, shocked, disappointed, and crestfallen.

In case anyone still thinks that this only affects you if you have "safe" files turned on, check this out. It doesn't even involve a DMG.

This hole has *many* evil uses.

http://bronosky.com/pub/AppleScript.htm


Well, the above is not all...
The URI schemes mixed with LaunchServices is *extremely* dangerous. See:

<http://daringfireball.net/2004/05/unsafe_uri_handlers>

and especially

<http://www.unsanity.com/haxies/pa/whitepaper>


Regards,

izidor