{"id":129,"date":"2004-05-20T11:26:33","date_gmt":"2004-05-20T11:26:33","guid":{"rendered":"https:\/\/www.docbug.com\/blog\/archives\/129"},"modified":"2004-05-20T11:26:33","modified_gmt":"2004-05-20T11:26:33","slug":"real-live-link-vulnerability-for-mac-osx","status":"publish","type":"post","link":"https:\/\/www.docbug.com\/blog\/archives\/129","title":{"rendered":"Real live link vulnerability for Mac OSX"},"content":{"rendered":"<p>I don&#8217;t think this has appeared in the wild yet, but no doubt it will soon. It&#8217;s an exploit that allows someone to execute arbitrary code on OSX just by visiting a website, regardless of browser, by using Javascript to download a disk image and then using Javascript to open <code>help:\/\/Volumes\/Rootkit\/Rootkit.script<\/code>. The browser passes the request on to the Help Viewer, which will gladly execute code. The exploit is being discussed on the <a href=\"http:\/\/forums.macnn.com\/showthread.php?s=&#038;threadid=213043\">MacNN Forums<\/a> and has been summarized on <a href=\"http:\/\/www.tidbits.com\/macnews.html#07672\">TidBITS<\/a>.<\/p>\n<p>No solution from Apple yet (though apparently they&#8217;ve known about it for two months already \u2014 sheesh), but a stop-gap solution is to install MonkeyFood Software&#8217;s free <a href=\"http:\/\/www.monkeyfood.com\/software\/moreInternet\/\">MoreInternet<\/a> and then set the helper app for type &#8220;help&#8221; to some innocuous program like &#8220;chess.&#8221;<\/p>\n<p>On the minus side, it&#8217;s sad to see OSX suffering the same pain I&#8217;ve teased Windows users about all these years. On the plus side, I&#8217;d been meaning to play more chess anyway&#8230;<\/p>\n<p class=\"update\"><b>UPDATE:<\/b> In flaming about the above exploit, the MacNN folk found a variation that doesn&#8217;t have a full work-around, though you can make it harder for an attacker to get the payload to your machine. See the top of the <a href=\"http:\/\/forums.macnn.com\/showthread.php?s=&#038;threadid=213043\">thread<\/a> for details.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I don&#8217;t think this has appeared in the wild yet, but no doubt it will soon. It&#8217;s an exploit that allows someone to execute arbitrary code on OSX just by visiting a website, regardless of browser, by using Javascript to download a disk image and then using Javascript to open <code>help:\/\/Volumes\/Rootkit\/Rootkit.script<\/code>. The browser passes the request on to the Help Viewer, which will gladly execute code. The exploit is being discussed on the <a href=\"http:\/\/forums.macnn.com\/showthread.php?s=&#038;threadid=213043\">MacNN Forums<\/a> and has been summarized on <a href=\"http:\/\/www.tidbits.com\/macnews.html#07672\">TidBITS<\/a>.<\/p>\n<p>No solution from Apple yet (though apparently they&#8217;ve known about it for two months already \u2014 sheesh), but a stop-gap solution is to install MonkeyFood Software&#8217;s free <a href=\"http:\/\/www.monkeyfood.com\/software\/moreInternet\/\">MoreInternet<\/a> and then set the helper app for type &#8220;help&#8221; to some innocuous program like &#8220;chess.&#8221;<\/p>\n<p>On the minus side, it&#8217;s sad to see OSX suffering the same pain I&#8217;ve teased Windows users about all these years. On the plus side, I&#8217;d been meaning to play more chess anyway&#8230;<\/p>\n<p class=\"update\"><b>UPDATE:<\/b> In flaming about the above exploit, the MacNN folk found a variation that doesn&#8217;t have a full work-around, though you can make it harder for an attacker to get the payload to your machine. See the top of the <a href=\"http:\/\/forums.macnn.com\/showthread.php?s=&#038;threadid=213043\">thread<\/a> for details.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-129","post","type-post","status-publish","format-standard","hentry","category-media-technology"],"_links":{"self":[{"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/posts\/129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/comments?post=129"}],"version-history":[{"count":0,"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/posts\/129\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/media?parent=129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/categories?post=129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.docbug.com\/blog\/wp-json\/wp\/v2\/tags?post=129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}