Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Run AppleScripts on a Mac using Remote.app' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Run AppleScripts on a Mac using Remote.app
Authored by: prijker on Oct 12, '10 09:25:04AM

Does it sound like a security breach in MacOSX?



[ Reply to This | # ]
Run AppleScripts on a Mac using Remote.app
Authored by: Snaro on Oct 12, '10 11:34:19AM
There may be a very limited possibility for abuse. But consider the conditions that have to be met before someone can actually do something malicious:
  1. There must be a special script running. This is not a built-in: you have to provide it
  2. There must be a playlist titled "Scripts"
  3. Within this playlist, there must be songs that contain the actual script code in the comments. Again, these can't be inserted remotely, you have to include the script code in your local song files.
  4. A possible attacker must have access to your WiFi and his iDevice must be paired with iTunes
I doubt very much that this can be considered a security breach.

[ Reply to This | # ]
Run AppleScripts on a Mac using Remote.app
Authored by: lar3ry on Oct 12, '10 11:45:34AM

Of course not. You have to manually create the playlist as well as the stay-open application script as well as setting it in your login items list. And then you need to create the Applescript to run and attach it to a song file in that playlist.

That's a pretty big bunch of ifs that you need to manually perform.

Wouldn't it just be easier to write the malicious script as the "stay-open application script" and put it in your login items? You'd omit a lot of ifs and thens and get a faster bang on your buck for maliciousness, wouldn't you?

A security hole isn't when a user shoots him- or her-self intentionally in the foot. It's when somebody else injects a rifle into the system and then has the gun automatically go off. (In other words, "rm -rf /" isn't a security hole if a user types it as root; it's a security hole when simply launching an application as a user without privileges and has the app open up a root session and executes that command which is the security hole.)

lar3ry



[ Reply to This | # ]
Run AppleScripts on a Mac using Remote.app
Authored by: allanmarcus on Oct 12, '10 11:53:12AM

no, it doesn't. First you need to have access to set up the scripts. Then you need to share you iTunes library. Then you need to know the code to access the itunes library.



[ Reply to This | # ]