Mac OS X Security Issue: Local Scripts

Infoworld reports on a new security vulnerability that affects Mac OS X/Safari.

The vulnerability allows Safari to run arbitrary local scripts on an end-user's computer. To accomplish this, a Disk Image must first be downloaded from the "attacking" website, but this can be tied to a single click.

A demonstration can be found at insecure.ws.

Top Rated Comments

101 months ago

Infoworld reports on a new security vulnerability that affects Mac OS X/Safari.

The vulnerability involves the ability for Safari to run arbitrary local scripts on an end-user's computer. In order to accomplish this, a Disk Image must first be downloaded from the "attacking" website but can be tied to a single click.

A demonstration can be found at insecure.ws.


I just read this article on another site, but thanks for the link. I did the demonstration and it indeed is a vulnerability.

I altered some of my settings for Safari as was suggested, but I cannot find where to alter this setting:

- change the help helper in InternetConfig (better protection)

If anyone could point me in the right direction, that'd be much appreciated!

Cheers,

PolarbearTed
Rating: 0 Positives / 0 Negatives
101 months ago
Anyways, most people tend to not exploit OS X security holes, due to the little amount of people it would harm, we are deemed as a group not worth the effort of a virus...

aethier
Rating: 0 Positives / 0 Negatives
101 months ago
Is it just me or do these sites seem hell bent on finding ANYthing wrong with OS X. Has anyone actually run across this as being a problem? Any of these supposed CRITICAL security flaws? Nope, didn't think so.
Rating: 0 Positives / 0 Negatives
101 months ago
No. But at least Apple's issues are fewer, and patched quicker, than in Windows.

Besides, this issue may not even be real. I'm just now trying the demonstration and it doesn
Rating: 0 Positives / 0 Negatives
101 months ago

Is it just me or do these sites seem hell bent on finding ANYthing wrong with OS X. Has anyone actually run across this as being a problem? Any of these supposed CRITICAL security flaws? Nope, didn't think so.

You don't call the ability to run a rm -Rf / on your Mac critical??
Rating: 0 Positives / 0 Negatives
101 months ago
Oh great why not tell them all how to do it!
Rating: 0 Positives / 0 Negatives
101 months ago

Oh great why not tell them all how to do it!

If I wanted to be mean I'd post a script to email copies of itself to everyone in your mac address book launched from this exploit (it renders HTML using the Safari engine remember).

I can imagine it now - FREE XXX PR0N CLICK HERE!! *clickety*
Rating: 0 Positives / 0 Negatives
101 months ago
Does anybody feel that this, in part, is the Mac community's fault? We go on blabbing how we have no viruses/trojan horses/etc and lo and behold, we get two issues in a week. It is almost as if we dared them to come up with these and now that they have arisen, we are pissed b/c it seems the world is picking apart the Mac OS. Perhaps had we not had this "holier than thou" attitude, we wouldn't be worrying about this.
Rating: 0 Positives / 0 Negatives
101 months ago
I think you shouldn't look at it as such a bad thing; no operating system is going to be completely secure. So what, a couple of vulnerabilities come out every so often, but they are fewer and less dramatic than the worms and security issues some Windows users need to deal with.

For those of you interested, I ran the script and it needs to be addressed, since dodgy stuff could be done. But follow the suggestions on the site.


PolarbearTed
Rating: 0 Positives / 0 Negatives
101 months ago

Does anybody feel that this, in part, is the Mac community's fault? We go on blabbing how we have no viruses/trojan horses/etc and lo and behold, we get two issues in a week. It is almost as if we dared them to come up with these and now that they have arisen, we are pissed b/c it seems the world is picking apart the Mac OS. Perhaps had we not had this "holier than thou" attitude, we wouldn't be worrying about this.


It's not a "holier than thou" attitude, it's just how things really are. To quote an old phrase, if something is the truth then it ain't bragging. Despite the past week's events (which have been highly blown out of proportion BTW) I'll continue to take my chances with OS X over Windows any day of the week...
Rating: 0 Positives / 0 Negatives
