- TalkBack 14 of 38:
- Next »
- « Previous
- Thread View
- Flat View
- Genuine Issue
-
According to this advisory at Secunia, this is a critical flaw
that Apple put into OS X.
1) The problem is that the "help" URI handler allows
execution of arbitrary local scripts (.scpt) via the classic
directory traversal character sequence using
"help:runscript".
2) It is reportedly also possible to silently place arbitrary
files in a known location, including script files, on a user's
system using the "disk" URI handler.
Various variants of the URI handler vulnerabilities are
currently being discussed.
This has been confirmed on Macintosh OS X using Safari
1.2.1 (v125.1) and Internet Explorer 5.2. Other browsers
may also be used as attack vectors.
NOTE: The rating has been upgraded to "Extremely Critical"
because the issues are very easy to exploit and a large
number of working exploits are available.
Solution:{/b]
There is no efficient solution.
Ref:http://secunia.com/advisories/11622/ - Posted by: Fred Fredrickson Posted on: 05/19/04 You are currently: a Guest | Members login | Terms of Use
What You'll Hear Here
ericortner | 05/18/04
|
You forgot
PA-ITGuy | 05/19/04
|
I imagine not many
cuervo-gold | 05/19/04
|
Correct me if I'm wrong
PA-ITGuy | 05/19/04
|
|
admin is not the same as rot
Stuka | 05/19/04
|
|
Not root
PA-ITGuy | 05/19/04
|
|
This "should" not be effected by root priveledges
j.m.galvin | 05/19/04
|
|
not what I ment
Stuka | 05/19/04
|
|
Anyone but Root
BitTwiddler | 05/19/04
|
|
Re: BitTwiddler
nikoli | 05/19/04
|
|
OK
PA-ITGuy | 05/19/04
|
|
Comparing Apples to ______?
toadlife | 05/19/04
|
|
re: what it really means
ryusen | 05/19/04
|
|
Genuine Issue
Fred Fredrickson | 05/19/04
|
|
The efficient solution
j.m.galvin | 05/19/04
|
|
Solution
ndelc | 05/19/04
|
|
There is no efficient solution.
Fred Flintsone | 05/19/04
|
|
Hee hee
tic swayback | 05/19/04
|
|
Dumbest Comment Ever
xero11 | 05/19/04
|
|
wow hook line and sinker....
JoeMama_z | 05/19/04
|
|
One too many quarry rocks to the head for Fred
MacCanuck | 05/19/04
|
|
You have the wrong forum...
BitTwiddler | 05/19/04
|
|
*clap*clap*(nt)
ryusen | 05/19/04
|
|
Horrible, just horrible
FilledOut | 05/19/04
|
|
It's funny...
bjbrock | 05/19/04
|
|
what???
ryusen | 05/19/04
|
|
Feeling lonely?
DarbyOhara | 05/19/04
|
|
Ok, you're feeling lonely
FilledOut | 05/19/04
|
|
I see no need to bash ZD. At least not this time...
BitTwiddler | 05/19/04
|
|
It'
Ron Goodman | 05/21/04
|
|
In Action
cuervo-gold | 05/19/04
|
|
Link to example
cuervo-gold | 05/19/04
|
|
One of the bad things about Safari
j.m.galvin | 05/19/04
|
|
Oooh. That's pretty scary all right.
Immanuel Tranz-Mischen | 05/19/04
|
|
I'm buying a PC
rkadowns | 05/19/04
|
|
Fess up you own a peecee alreadee don't ya
Squawkbox | 05/19/04
|
|
Here is the Secunia.com site and a slab of explanation from them
Squawkbox | 05/19/04
|
|
MAC
Enterprise Analyst | 05/22/04
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Check out Doc’s Blog on ZDNet
- Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
- Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
-
Produced by
ZDNet and -
