macnews.net.tc
2006-02-20
Safari executes shell scripts automatically!
And that's a bad thing, of course. Read more about it here. And turn off Safari's default behaviour of automatically expanding and running "safe" files. They just might not be.
Michael Lehn, who found the vulnerability (link in German), says Apple's on it to fix the issue. But until then: Be safe. A script could simply erase *everything* your user has access to. And that would at least concern all of your files as well as backups connected to your account currently via USB or FW. - posted by Patrick Armbruster @ 23:18 [article link]
Michael Lehn, who found the vulnerability (link in German), says Apple's on it to fix the issue. But until then: Be safe. A script could simply erase *everything* your user has access to. And that would at least concern all of your files as well as backups connected to your account currently via USB or FW. - posted by Patrick Armbruster @ 23:18 [article link]
Comments:
<< Home
sure? Where do you read that? Try this in 10.4.5 with Safari set to automatically process "safe" files: http://www.heise.de/english/newsticker/news/69862 ... It certainly opens a Terminal window, lists your directory and tells you you're vulnerable in German. (Does nothing else. heise is not a baddie.)
Post a Comment
<< Home
