Fix for the big scary proof of concept |
|
When I got up this morning, I was excited to see my Software Update already open. Security Update 2004-05-24 was waiting for me, and its description of updated software simply read: Help Viewer application. As you may or may not know, the Mac world has been going crazy since May 17th over a proof-of-concept Safari vulnerability. Well, actually it is a Help Viewer vulnerability, not a Safari one, but Safari is what could allow the "vulnerability" in. See the link above for more details. Now, everyone stop reading this web page, and download that update! It's really important! Then, come back and read some more of our web page. We like having you around. |
|
May 22 2004, 9:04 AM EDT, by
|
Comments:
|
rlhamon |
5/22/04, 1:04 PM EDT |
Great, I feel better now I know that I won't catch a theory virus.
|
sweetjimmyhugs |
5/22/04, 1:09 PM EDT |
Oh no! A theory! AHHHHHHHH!
|
cAtraXx |
5/23/04, 4:53 AM EDT |
I wish all security updates were that small :)
|
cAtraXx |
5/23/04, 12:06 PM EDT |
Quote from another forum:
"
Alas, while I commend Apple for their unexpectedly quick response to the issue, I must condemn them for the response itself. The Security Update does close the help:runscript hole cleanly. However, there have since been discovered exploits of several other protocol handlers, including telnet:, disk:, and the ability to register your own schemes through the already-buggy LaunchServices API. My personal recommendation to protect yourself, and I make no guarantees of any kind, is to either:
Install the just-released Unsanity haxie, Paranoid Android.
As described at http://daringfireball.net/2004/05/unsafe_uri_handlers, use RCDefaultApp to disable the "unsafe" protocols.
Even if you use either of these, you should still install Apple's new Security Update to prevent the help: protocol exploit.
"
End quote.
Curious.
|
rlhamon |
5/23/04, 12:43 PM EDT |
Sounds like FUD is still being passed around. I had Paranoid Android installed. Although it was a good program built to do its job, the program was quickly getting on my nerves. I felt like I was using XP again with ZoneAlarm firewall; it was that insane.
|
Jonahan |
5/25/04, 1:53 PM EDT |
Is anyone else just kinda blasé about these security warnings? Sure, someone -could- theoretically own your system, but what are the odds?
Although I must admit I did uncheck the "open safe files" in Safari. ;-)
|
HTML Samurai |
5/25/04, 4:47 PM EDT |
I am just glad I didn't have to reboot after doing this one - sorry, I'm proud of my uptime on my Linux box (it only needs rebooting after installing kernel patches)!
|
nhmacusr |
5/26/04, 10:25 AM EDT |
Hey guys,
Like always in Unix, there are a slew of things that you can do to prevent this stuff. Some of these settings are really common sense, like not letting Safari open files on its own. Worth the read.....
http://daringfireball.net/2004/05/ounce_of_prevention
|