|
|
How to avoid the new 'Help' URL handler vulnerability
Hello all,
The best solution I found to prevent this vulnerability from taking place is to set the NSApplescriptEnabled property list key inside the Info.plist file of the Help Viewer application to false opposed to true. This will prevent Help Viewer application from running AppleScript. Note : The instructions below use vi - Feel free to use any text editor you like such as pico.
Rick alias cougar
read this first and save a minute of time
you will probably have to "sudo vi /System/...."
How to avoid the new 'Help' URL handler vulnerability
This looks correct to me, but an easier implementation for some people might be the following single command line instruction (typed in the Terminal), posted on the front page of MacInTouch today:
If you are not familiar with Unix conventions, you might miss the space after the slash in "Help\ Viewer" (to escape the space), or the lack of a space between the hyphen and "bool" that represents a boolean switch. HTH!
This disables Help Viewer completely
This command sets the permissions on Info.plist to 600 (i.e. no-one can read the Info.plist contents anymore), so that _every_ Launch of Help Viewer fails. You'll have to correct this with this command: |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|