'Extremely Critical' Security Hole Found In Mac OS X


moxnix
May 19th, 2004, 11:16 AM
From this source. (http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040519/tc_cmp/20600174)
Security research group Secunia is warning all Mac OS X users about what it calls a "highly critical" vulnerability. The vulnerability, Secunia says, affects all Mac OS X users who surf the Web using either Apple Computer's Safari Web browsers or Microsoft's Internet Explorer.

According to Secunia's advisory, two security flaws can be used by malicious Web sites to remotely access at-risk systems. The security holes have been confirmed on systems running Mac OS X with either Safari 1.2.1 or Internet Explorer 5.2, Secunia says.

GenericAssassin
May 19th, 2004, 11:27 AM
Thanks for the heads up, moxnix.

noahsarc
May 26th, 2004, 03:14 AM
The best info I've found on this topic comes from
John Gruber's site...

http://daringfireball.net/

which was recommended by

John Welch

http://www.bynkii.com/networking/

and since people looking for Macintosh Security... use Macintoshes...

May I recommend www.yourmaclife.com a weekly internet radio show ...

Phonedog911
May 26th, 2004, 03:31 AM
All these warnings talk about URI handlers? (Does that URI stand for uniform resource identifier?) What URI handlers? Are they the help wizards and stuff?

Tedob1
May 26th, 2004, 04:35 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257869#post749926) by Phonedog911
All these warnings talk about URI handlers? (Does that URI stand for uniform resource identifier?) What URI handlers? Are they the help wizards and stuff?


Description:
Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.

1) The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using "help:runscript".

2) It is also possible to silently place arbitrary files in a known location, including script files, on a user's system using the "disk" URI handler. Files on disk images can be executed without using the "help" URI handler.

Various variants of the URI handler vulnerabilities are currently being discussed.
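
As an added example (not part of the original thread or of Secunia's advisory), this is one way a defender could flag web pages that reference the two URI handlers named in the advisory text above. The sample page, its hosts and file names are constructed placeholders, and the finding labels are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

WATCHED = {"help", "disk"}  # URI schemes named in the advisory text
URI_RE = re.compile(r"\b([a-z][a-z0-9+.-]*):([^\s\"'<>]+)", re.I)

def classify(scheme, rest):
    """Label one watched-scheme URI by how closely it matches the advisory."""
    for _ in range(3):  # undo up to three layers of percent-encoding
        rest = unquote(rest)
    rest = rest.lower()
    if scheme == "disk":
        return "disk-uri"
    if "runscript" not in rest:
        return "help-uri"
    return "help-runscript-traversal" if ("../" in rest or "..\\" in rest) else "help-runscript"

class UriScanner(HTMLParser):
    """Collect watched-scheme URIs from attribute values and inline text/script."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _scan(self, text, where):
        for m in URI_RE.finditer(text or ""):
            scheme = m.group(1).lower()
            if scheme in WATCHED:
                self.findings.append((where, classify(scheme, m.group(2))))
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self._scan(value, f"{tag}@{name}")
    def handle_data(self, data):
        self._scan(data, "text")

def scan_html(html):
    scanner = UriScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hosts and file names are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0;url=disk://example.invalid/placeholder.dmg">
</head><body>
<a href="https://example.invalid/help">Help centre</a>
<iframe src="help:runscript=%2e%2e%2f%2e%2e%2fplaceholder.scpt"></iframe>
<script>window.location = "help:runscript=../../placeholder.scpt";</script>
</body></html>"""
```

`scan_html(SAMPLE)` returns one finding per watched URI, tagged with the element and attribute it was found in; the ordinary `https:` link is ignored.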

foxyloxley
May 26th, 2004, 09:21 PM
Got these from the E Letter of the people below, it includes other news on the Apple front
----------------------------------------------------------
ECT News Network: Business & Technology Newsletter
----------------------------------------------------------
Weekly Edition -- Wednesday -- May 26, 2004
MAC | E-Commerce Times | TechNewsWorld | CRM Buyer | LinuxInsider

------------------------------------------------------------------------
This Week's Top News Headlines from MacNewsWorld:
------------------------------------------------------------------------

IBM's Jesse Stein on the G5's Roots
(Posted 26-May-04)
http://www.macnewsworld.com/story/34030.html


Apple, Oracle Plan Database Road Show
(Posted 25-May-04)
http://www.macnewsworld.com/story/33995.html

OS X Security Hole Bites Apple
(Posted 24-May-04)
http://www.macnewsworld.com/story/33987.html

Apple's Enterprise IT Battle Plan, Part Two
(Posted 24-May-04)
http://www.macnewsworld.com/story/33937.html

Resellers Look Forward to Mac Office 2004
(Posted 22-May-04)
http://www.macnewsworld.com/story/33945.html

Apple's Whole-Earth iPod Movement
(Posted 21-May-04)
http://www.macnewsworld.com/story/33943.html

Apple's Enterprise IT Battle Plan, Part One
(Posted 21-May-04)
http://www.macnewsworld.com/story/33934.html

Apple Carves Out New iPod Division
(Posted 20-May-04)
http://www.macnewsworld.com/story/33915.html

Newest Version of Mac Office Bridges Platform Gap
(Posted 20-May-04)
http://www.macnewsworld.com/story/33898.html

Doris Mitsch on Clarity and the Mac
(Posted 20-May-04)
http://www.macnewsworld.com/story/33893.html

OS X Security Flaw Plagues Web Browsers
(Posted 19-May-04)
http://www.macnewsworld.com/story/33887.html

IBM Puts Forth PowerPC Development Tools
(Posted 19-May-04)
http://www.macnewsworld.com/story/33867.html

ITunes: China's Latest Import
(Posted 18-May-04)
http://www.macnewsworld.com/story/33855.html

------------------------------------------------------------------------

Zetaphor
May 26th, 2004, 09:28 PM
What scripts are we talking about? Are there scripts locally on a Mac that can provide remote access? Or is it possible to make one? I am thinking of AppleScript here; I don't know of any other Mac scripting languages.

Soda_Popinsky
May 27th, 2004, 05:13 AM
http://story.news.yahoo.com/news?tmpl=story2&u=/nf/20040524/bs_nf/24176
http://story.news.yahoo.com/news?tmpl=story2&u=/cmp/20040525/tc_cmp/20900516
http://story.news.yahoo.com/news?tmpl=story2&u=/mc/20040524/tc_mc/macusersstillnotsafefromvulnerabilitysayssecunia

Apple patch is inadequate

noahsarc
May 27th, 2004, 05:37 AM
Good segment on it from yourmaclife... 1 hour six minutes in...

http://www.yourmaclife.com/subpages/qt/stream.mov

If you open with QuickTime Player... you can scroll to the exact spot... Opening with a browser plugin you can scroll, but with no time indicator you have to guess... It's a 2:30 show...