Use GURLfriend
I followed the advice in the hint as soon as I heard about this exploit but it wasn't enough to stop it. Test yourself by clicking on this url:
http://bronosky.com/pub/AppleScript.htm. If you are vulnerable your terminal will launch and run the 'du' command. Unfortunately you need to alter some AppleScript code within the Help application's contents. How to do that by hand has been listed on several boards. The easy way is to run DGTGF. It deletes the offending code from Help, and offers you the option to restore it if needed.
Use GURLfriend
I used Misfox to change the helper app for the help protocol, and it does indeed prevent the exploit (using the provided URL to test the system after this change confirms this -- Terminal doesn't launch, and no shell command is executed).
Maybe you have to logout first
I read elsewhere that you have to log out before these changes take effect.
Maybe you have to logout first
That's not true -- I just installed More Internet, set the Help URL helper to be TextEdit, then tried the above link. It worked perfectly -- TextEdit launched, but nothing happened. No restart required, and I didn't even quit and relaunch Firefox...
Use GURLfriend
Ahhhh, I see now that the hint has been updated and yes, I set the "help" protocol to hand the call back to Safari... which hands it back to Help! Sheesh.
So are we sufficiently secure from this exploit with the steps outlined in the hint? Or do we need to be nervous about those OpnApp scripts (the script that runs the exploit) sitting there on our hard drives? Forgive me if my questions are stupid, I'm a security newbie! Anyhow, GURLfriend only seems to alter the OpnApp script in the English localization folder, yet there are copies of this script in other language folders.
Use GURLfriend
If you set the "help" protocol to use Safari, it likely will cause problems. I have set it to use TextEdit, and it works fine.