|
#1
| Safari Security Hole

Don't Go There, GURLfriend 1.0
18 May 2004

We've just released Don't Go There, GURLfriend! 1.0. DGTGF is an application you can use to patch away the OS X exploit found at http://bronosky.com/pub/AppleScript.htm quickly and effortlessly.

Miroku Hotei, Ollie Wagner
http://isophonic.net/
http://homepage.mac.com/olliewagner/dgtgf.dmg
__________________ |
|
#2
|
__________________ This is a computer-generated message and needs no signature. |
|
#3
| From xcl8

Patcher for Safari/Help Viewer Vulnerability? - I've not tested this personally, but MU today lists Don't go there GURLfriend! 1.0 which claims to fix the help:// exploit in Safari mentioned yesterday.

"(from http://isophonic.net/ source site) Don't Go There, GURLfriend 1.0 18 May 2004 We've just released Don't Go There, GURLfriend! 1.0. DGTGF is an application you can use to patch away the OS X exploit found at http://bronosky.com/pub/AppleScript.htm quickly and effortlessly."

Many (understandably) are leery of running this sort of thing however. A MU reader posted another suggestion (similar to what was suggested yesterday as a better option than just disabling opening 'safe' files) - remapping the Help association using More Internet prefs pane to use a text editor instead.

Another reader wrote with his suggested fix:

"Hi Mike, here's a quick, and harmless (read; reversible) fix for the help autolaunch vulnerability:

First, make a Backup copy of /Library/Documentation/Help/MacHelp.help.

Next do a show contents on the original, and find: Contents/Resources/English.lproj/shrd/OpnApp.scpt

Make the change as shown below (adding the two dashes in front of "open file completeParam of the startup disk"). (This comments out that line of code, so it won't run.)

    on <event helphdhp> (completeParam)
        -- localizable text
        set cancelBtn to "Cancel"
        set errorText to "The item cannot be opened. It may be disabled or not installed."
        --end localizable text
        try
            tell application "Finder"
                -- open file completeParam of the startup disk
            end tell
        on error errMsg number errNum
            display dialog errorText buttons {cancelBtn} default button 1 with icon 0
            return
        end try
    end <event helphdhp>

Save the file.

Remove all your foreign language versions of the same help file (at the Resources level).

After doing this, the help file will still run, but will not be able to "open xyz for me". Later on, you can replace your patched copy with the backup copy of MacHelp.help you made in step one, and apply Apple's (forthcoming) fix to it. Meanwhile, you'll be safe from that exploit.

hth
Cordially,
Tracy V."
__________________ This is a computer-generated message and needs no signature. |
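The backup and "remove foreign language versions" steps from the post above, as an added shell example that is not part of the original thread: it copies the Help bundle aside and lists which localizations carry their own OpnApp.scpt. The function names, the `.backup` suffix, and the assumption that other localizations mirror the English.lproj/shrd layout are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): prepare a Help bundle for the manual
# workaround. Bundle-relative paths come from the post; function names and
# the ".backup" suffix are hypothetical.

# Copy the bundle to <bundle>.backup unless that backup already exists.
# Prints the backup path on stdout; diagnostics go to stderr.
backup_bundle() {
    bundle=$1
    backup="${bundle}.backup"
    if [ ! -d "$bundle" ]; then
        echo "no such bundle: $bundle" >&2
        return 1
    fi
    if [ -e "$backup" ]; then
        echo "backup already exists, leaving it untouched: $backup" >&2
    else
        cp -Rp "$bundle" "$backup" || return 1
    fi
    printf '%s\n' "$backup"
}

# List every localization that ships its own OpnApp.scpt, one name per line.
# Assumes each .lproj uses the same shrd/OpnApp.scpt layout as English.lproj.
list_opnapp_copies() {
    bundle=$1
    for lproj in "$bundle"/Contents/Resources/*.lproj; do
        [ -f "$lproj/shrd/OpnApp.scpt" ] || continue
        basename "$lproj"
    done
}

# Localizations other than English.lproj: the unpatched copies the post
# says to remove once English.lproj has been edited.
list_foreign_copies() {
    list_opnapp_copies "$1" | while IFS= read -r name; do
        [ "$name" = "English.lproj" ] || printf '%s\n' "$name"
    done
}

# Run only when a bundle path is given, for example
# /Library/Documentation/Help/MacHelp.help
if [ $# -gt 0 ]; then
    backup_bundle "$1" && list_foreign_copies "$1"
fi
```

The script only copies and lists; editing OpnApp.scpt and deleting the listed localizations remain manual steps, as in the post.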
|
#4
|
__________________ This is a computer-generated message and needs no signature. |
|
#5
| This isn't a hole in Safari, just how OS X handles the help:// protocol. Safari, IE, Mozilla (I think) all hand off those protocols to the OS, and the bug is in the AppleScript and not any browser.
__________________ MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet) Athlon 64 Windoze XP for school work (programming) 1GB RAM dferns@macosx.com |
|
#6
| Disabling the opening of 'safe' attachments will prevent an attacker from first planting a script on your computer, then executing it with the help:// protocol. It doesn't stop the attacker executing a script they already know is there.
__________________ What is the robbing of a bank compared to the founding of a bank? -- Bertold Brecht |
|
#7
| Apparently you can use an AppleScript in the Help program to execute pretty much any Unix command, not just something on a dmg that you have to download and mount.
__________________ MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet) Athlon 64 Windoze XP for school work (programming) 1GB RAM dferns@macosx.com |
|
#8
| Quote:
__________________ This is a computer-generated message and needs no signature. |