Linked by Thom Holwerda on Tue 21st Feb 2006 17:59 UTC
Mac OS X "[Last week], we reported on a Trojan horse for Mac OS X that is just like the entry for Earth in the Hitchhiker's Guide to the Galaxy in that it is mostly harmless. A new vulnerability targeted at Apple's home-grown web browser, Safari, is another matter entirely. A German security firm appears to have been the first to discover the Safari flaw, which allows for shell scripts to be executed after clicking a link."
Ben2040 Member since: 2005-06-29

rm -rf ~/ isn't a security vulnerability, it's a feature. If you're too stupid to have backups of important files, and too ignorant to run under a non-privileged user account, then you deserve losing everything.

lol! Why the hell would anyone stupid enough to type this even have a command line open?!?! Same for the Windows "flaw"....

Score: 1

ormandj Member since: 2005-10-09

"lol! Why the hell would anyone stupid enough to type this even have a command line open?!?! Same for the Windows "flaw"...."

They don't have to type it, and they don't have to have the command line open. A simple shell script disguised as a jpeg would do the job. ;) That's the issue at hand and discussed in the article.

The problem isn't that people are so stupid as to type commands they don't understand into a terminal; the issue is that they will click on *random file name* from *random source*. Oh, and all the grandmas and 16 y/os who forward every little thing they get to hundreds of their friends. (Kidding about the grandmas and 16 y/os, although my grandmother has this habit. ;) ) I did finally get her to stop downloading "reallycoolcheckitout.exe" from random spam mail and sending it to her entire mailing list of contacts. I suspect her entire church is full of spyware-laden machines by now. ;)

Score: 2
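
The case described in the comment above, a shell script carrying an image file name, can be caught by comparing a file's leading bytes with what its extension claims. This is an added example, not part of the original thread; the function names, file names and file contents are constructed for illustration.

```python
import os
import tempfile
# Leading bytes of the image formats each extension claims to be.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def classify(path):
    """Return 'ok', 'script' or 'mismatch'; None if not an image extension."""
    magics = IMAGE_MAGIC.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(magics):
        return "ok"
    # A shebang marks the content as a script, whatever the name says.
    return "script" if head.startswith(b"#!") else "mismatch"

def scan(directory):
    """Map each image-named file whose content is not an image to a verdict."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            verdict = classify(full)
            if verdict in ("script", "mismatch"):
                findings[os.path.relpath(full, directory)] = verdict
    return findings

def demo():
    """Scan constructed sample files written to a temporary directory."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",    # JPEG header
        "funny.jpeg": b"#!/bin/sh\necho constructed sample\n",  # script content
        "logo.png": b"plain text, not a PNG",                   # wrong content
        "notes.txt": b"#!/bin/sh\n",                            # not image-named
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:9} {path}")
```

Pointing `scan()` at a downloads or mail-attachment directory lists image-named files whose content is something else, with shebang scripts called out separately.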