Mac OS X Security Vulnerability
By: Scott Doenges - Revised: 2006-06-20 devinIntroduction
A brief overview of the "help"-related internet security vulnerability recently discovered in Mac OS X.Section Links
What's the problem?
The issue revolves around two URI handlers, 'help' and 'disk.' The first allows any AppleScript on the user's machine to be run, while the second allows users to mount a disk image automatically over a network.In theory, this allows malicious users to create a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command — including ones to delete files. The flaw works with any browser, including Safari, Internet Explorer, and Firefox.
One reader has posted a webpage that offers details on the problem and several examples of scripts that will automatically execute when viewing a page:
http://bronosky.com/pub/AppleScript.htm (link dead)
Warning: the link above will execute a non-destructive 'du' command in the terminal as an example. But this command could just as easily be 'rm -rf *' which would effectively delete everything on your hard drive that the logged-in user has write access to (that isn't in use by the system), without prompting you for a password. So if you're logged in as a non-admin user, it could delete almost your entire home folder. If you're logged in as an admin, it could delete your home folder, most of your applications, and a good portion of your system software!
Solutions
Changing the application associated with the "help" file type is an effective workaround for this problem, until Apple releases an official fix.Until Apple releases an official update for the issue, there are a number of third-party fixes that let you re-map Internet helper applications. You can simply change the "help" helper app to something harmless, like Chess:
For those of you concerned about this problem affecting your lab Macs, you just need to use one of the programs listed below, then redistribute the following file to your Macs:
~/Library/Preferences/com.apple.LaunchServices.plist
Here are a few applications that let you redefine Internet helper apps within Mac OS X:
More Internet 1.1.1:
http://www.monkeyfood.com/software/moreInternet
MisFox 1.2.1 ("Missing Internet Settings for X"):
http://www.clauss-net.de/misfox/misfox.html
Don't Go There, GURLfriend 1.0:
http://isophonic.net (link dead)
©2022 - University of Utah -
Marriott Library -
ITS - Apple Infrastructure
Disclaimer - 295 South 1500 East, Room 1705J, SLC, UT 84112 - 801.581.6494