|
|
How to avoid the new 'Help' URL handler vulnerability
I think it should be made perfectly clear what the right way to fix this is. You want to use Misfox or MoreInternet to change the help protocol helper. Remote execution of scripts via a url reference is the core defect. Disabling opening of "safe" files and modifying the OpnApp script do not make you safe. They are bandages for a broken leg.
To be sure that you are safe, use Misfox or MoreInternet as stated in the hint, or make sure the fix you are given specifically changes the help protocol helper. If you're not sure, do not trust that the fix you are given is performing the correct changes! And of course don't use a "fix" you got from an e-mail either. By the way, when Apple does release a fix for this problem (assuming it's the right fix), you can change the help protocol helper back to: /System/Library/CoreServices/Help Viewer.app Yes, you will want to change it back. Some parts of help probably aren't going to work right while your help protocol helper is set to a different application.
How to avoid the new 'Help' URL handler vulnerability
Erm, can't you just use the "protocol helpers" preference option in Internet Explorer? I hate Microsoft and all, but that's easier than downloading a second app.
How to avoid the new 'Help' URL handler vulnerability
another good helper to stop those maleware:
How to avoid the new 'Help' URL handler vulnerability
That's actually the application that inspired my post. Every indication is that it just modifies OpnApp.scpt, which is the wrong fix. I don't see anything that says this changes the help protocol helper, which is the right way to deal with this. I don't mean to knock the efforts of the people that made that, and if it does make the helper change, please correct me. But, the critical defect is the runscript part of help urls, and this program does not look like a valid workaround for the defect.
How to avoid the new 'Help' URL handler vulnerability
I forgot that IE exists for Macs. I never knew that option was there. I guess that works too.
How to avoid the new 'Help' URL handler vulnerability
Thanks for the advice. I opened Internet Explorer and pointed the protocol helper toward chess. I went to the website at |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.14 seconds |
|