'Extremely Critical' Security Hole Found In Mac OS X
Results 1 to 8 of 8

Thread: 'Extremely Critical' Security Hole Found In Mac OS X

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    'Extremely Critical' Security Hole Found In Mac OS X

    From this source.
    Security research group Secunia is warning all Mac OS X (news - web sites) users about what it calls a "highly critical" vulnerability. The vulnerability, Secunia says, affects all Mac OS X users who surf the Web using either Apple Computer's Safari Web browsers or Microsoft's Internet Explorer.

    According to Secunia's advisory, two security flaws can be used by malicious Web sites to remotely access at-risk systems. The security holes have been confirmed on systems running Mac OS X with either Safari 1.2.1 or Internet Explorer 5.2, Secunia says.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #2
    thanks for the heads up moxnix.
    Gen. A

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    18
    The best info I've found on this topic comes from
    John Grubar's site...

    http://daringfireball.net/

    which was recommended by

    John Welch

    http://www.bynkii.com/networking/

    and since people looking for Macintosh Security... use Macintoshes...

    May I recommend www.yourmaclife.com a weekly internet radio show ...

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    all these warnings talk about URI handlers?(does that URI stand for uniform resource identifier?) what URI handlers? are they the help wizards and stuff?

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Originally posted here by Phonedog911
    all these warnings talk about URI handlers?(does that URI stand for uniform resource identifier?) what URI handlers? are they the help wizards and stuff?

    Description:
    Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.

    1) The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using "help:runscript".

    2) It is also possible to silently place arbitrary files in a known location, including script files, on a user's system using the "disk" URI handler. Files on disk images can be executed without using the "help" URI handler.

    Various variants of the URI handler vulnerabilities are currently being discussed.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Got these from the E Letter of the people below, it includes other news on the Apple front
    ----------------------------------------------------------
    ECT News Network: Business & Technology Newsletter
    ----------------------------------------------------------
    Weekly Edition -- Wednesday -- May 26, 2004
    MAC | E-Commerce Times | TechNewsWorld | CRM Buyer | LinuxInsider

    ------------------------------------------------------------------------
    This Week's Top News Headlines from MacNewsWorld:
    ------------------------------------------------------------------------

    IBM's Jesse Stein on the G5's Roots
    (Posted 26-May-04)
    http://www.macnewsworld.com/story/34030.html


    Apple, Oracle Plan Database Road Show
    (Posted 25-May-04)
    http://www.macnewsworld.com/story/33995.html

    OS X Security Hole Bites Apple
    (Posted 24-May-04)
    http://www.macnewsworld.com/story/33987.html

    Apple's Enterprise IT Battle Plan, Part Two
    (Posted 24-May-04)
    http://www.macnewsworld.com/story/33937.html

    Resellers Look Forward to Mac Office 2004
    (Posted 22-May-04)
    http://www.macnewsworld.com/story/33945.html

    Apple's Whole-Earth iPod Movement
    (Posted 21-May-04)
    http://www.macnewsworld.com/story/33943.html

    Apple's Enterprise IT Battle Plan, Part One
    (Posted 21-May-04)
    http://www.macnewsworld.com/story/33934.html

    Apple Carves Out New iPod Division
    (Posted 20-May-04)
    http://www.macnewsworld.com/story/33915.html

    Newest Version of Mac Office Bridges Platform Gap
    (Posted 20-May-04)
    http://www.macnewsworld.com/story/33898.html

    Doris Mitsch on Clarity and the Mac
    (Posted 20-May-04)
    http://www.macnewsworld.com/story/33893.html

    OS X Security Flaw Plagues Web Browsers
    (Posted 19-May-04)
    http://www.macnewsworld.com/story/33887.html

    IBM Puts Forth PowerPC Development Tools
    (Posted 19-May-04)
    http://www.macnewsworld.com/story/33867.html

    ITunes: China's Latest Import
    (Posted 18-May-04)
    http://www.macnewsworld.com/story/33855.html

    ------------------------------------------------------------------------
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #7

  8. #8
    Junior Member
    Join Date
    Jul 2003
    Posts
    18
    Good segment on it from yourmaclife.... 1hour six minutes in...

    http://www.yourmaclife.com/subpages/qt/stream.mov

    if you open with quicktime player... you can scroll to the exact spot... opening with a browser plugin you can scroll but with no time indicator you have to guess... its a 2:30 show...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides