Untitled

 

Thursday May 20th 2004 09:54 AM PST
this is honestly one of the coolest things i've seen on OS X yet. There's a SERIOUS security hole in browsers and the scripts are SO EASY to run. What happens is.... A web page initiates a script that is sent to the help:// protocol. This protocol is handled by the OS Help Application. THEN any script can take advantage of the capability of the HELP app to run command line scripts or anything else for that matter. Just think of a nice web page running a rm -rf.Check out the article Don't worry, the fix is REALLY EASY.

Also check out Jay's article on the subject

protocols that i've seen that are effected are:
help
disk
telnet

I've got all mine set now to "stickies" :)

No Comments Yet

Add Your Own Comment: --
Comments will go through an approval process and will be added when they are approved.

Name:
Email:
Homepage: