May 19, 2004

Critical security flaw in Safari

Security firm Secunia has published a security advisory about a critical security flaw in Safari and IE 5.2 which allows for the execution of scripts in the system with a simple URL, such as this one :

<a href="help:runscript=MacHelp.help/Contents/Resources/English.lproj/shrd/OpnApp.scpt string=usr:bin:top">click to run 'top'</a> (test for yourself if you’re on Mac OS X, the following link will launch a Terminal window and execute the utility ‘top’ that shows the running processes: click to run ‘top’, just press ‘q’ to quit top then quit the Terminal and the Help Viewer.)

[Via MacMinute and CNet which says that Apple is aware of the issue. Code above from Simon Willison]

P.S.: if you’re of the paranoid type you have a few solutions until Apple fixes this flaw:

  • Install Don’t Go There GURLFriend! from isophonic.net
  • Install MoreInternet and map the “help:” URI handler to some harmless application such as Chess
Posted by François at May 19, 2004 02:32 PM
Comments

  1. Contrary to what the advisory says, it is a bug in the 'help' viewer, and ALL browsers running on OS X10.3 are affected, as they can pass the URL along.

    · 02:09 AM on May 20, 2004 · comment by Philippe · #

  2. You're right, it works in all browsers which launch Help which in turns executes what's in the URL.

    · 06:23 AM on May 20, 2004 · comment by François · #

Post a comment (comment policy)









Remember personal info (eat a cookie)?

Some HTML is allowed (use <A> to place a link). Line breaks will be converted to paragraphs.