Linked by Thom Holwerda on Tue 21st Feb 2006 17:59 UTC
Mac OS X "[Last week], we reported on a Trojan horse for Mac OS X that is just like the entry for Earth in the Hitchhiker's Guide to the Galaxy in that it is mostly harmless. A new vulnerability targeted at Apple's home-grown web browser, Safari, is another matter entirely. A German security firm appears to have been the first to discover the Safari flaw, which allows for shell scripts to be executed after clicking a link."
Thread beginning with comment 97939
Quick Fix
by mdsama on Tue 21st Feb 2006 20:43 UTC

I checked out and the quickest fix to this vulnerability is to move from /Applications/Utilities/ . I moved mine to /Applications/ and the demo script no longer executes in the terminal but tries to load (and fails) in

(Not saying the vulnerability isn't a real problem etc, just a heads up -- seems to me this is probably a good thing to do if you are to continue using Safari)

Edited 2006-02-21 20:44

Reply Score: 1

RE: Quick Fix
by ormandj on Tue 21st Feb 2006 20:56 in reply to "Quick Fix"

That really doesn't "fix" the vulnerability. It just means the author has to change the shell script a bit to point to the right path. The fix is to disable opening "safe" files after downloading (temporary) and then Apple rolling out something to make executables easily found. This means changing paradigms for file information, and not relying on the file creator's "word" so to speak.

Reply Parent Score: 1

RE[2]: Quick Fix
by mdsama on Tue 21st Feb 2006 21:09 in reply to "RE: Quick Fix"

You're right, it's not a "fix", but I'm assuming each script can only refer to one path for the app, and I'm also assuming a trojan would be set to refer to the default path, so it seems like a good idea for the time being to me, until a real fix, as you say, is rolled out.

Reply Parent Score: 1