The most recent 20 comments posted to Making Light by Jay Allen:


Posted on entry Bleeping huge security hole ::: May 20, 2004, 12:22 PM:
Yes, I do believe that ALL 10.2.x systems are affected. See the section entitled "System applicability" on my updated post for more on that.

In addition, the telnet:// protocol is also exploitable. It's not as serious because arbitrary remote commands can't be executed; however, an attacker can overwrite (zeroing out) any file that a user has write permissions on.

Posted on entry Bleeping huge security hole ::: May 19, 2004, 10:22 AM:
Jay - being an "Administrator" on OS X basically means that you...

Heh, thanks Erik. I'm aware. I've got one of those first generation Titanium lapwarmers doing its job. I simply wanted to be sure that Teresa wasn't doing day-to-day stuff logged in as root.

Posted on entry Bleeping huge security hole ::: May 19, 2004, 07:32 AM:
Chris, you and Jay Allen vibrate as one.

Oh God. Please, no one tell my girlfriend.

if somebody says "There is a security hole in your computer!!! Quick, fix it, now! The way to do it is to download and install the following application..." and you don't at least do a little sanity checking before following directions, then you have a security hole in your brain.

I get what you're saying and on principle, I agree with you. However, in this case seeing a hole in my operating system large enough to drive a Mack truck through pretty much gave me enough confidence that it was the right move. It was neither subtle nor theoretical.

Posted on entry Bleeping huge security hole ::: May 18, 2004, 10:22 PM:
"It is possible to write a URL that, when invoked from one’s default browser, invokes Apple’s Help program, which is itself a mini-browser which uses a subset of HTML. The trouble is that unlike a well-written, full-fledged, OSX browser, the Help program is (a.) fully scriptable; and (b.) fully capable of running any application or command for which the user has privileges."

That is a pretty damn near perfect layman's explanation.

"This is where “rm -rf” and other nightmares come in."

Well, actually, that's where we're "lucky". Due to a technical restriction, the command actually can't have any spaces in it. Thank God for small miracles.

However, just before kicking off the help:// link, the malicious web page could send your browser a "disk://..." URI which would download, say, a disk image to you which would be automatically mounted on your desktop (with or without the safe files checkbox checked, mind you) and containing a shell script or AppleScript with exactly the same instructions (Delete what you can).

After THAT, the browser would send the "help://" URI with the path to the script in the mounted disk image on your desktop.

Roundabout for sure, but not too hard to create. THAT'S what scares me so much.

"And I’m the Admin on this machine."

I'm curious. Do you mean that you have superuser or root privileges or are you using the default Mac OS X user? You're not actually using the computer logged in as root, are you? Eek!

Thanks for highlighting this on your blog, Teresa!

Comment statistics for Jay Allen on the Making Light blog

Year    Number of comments posted
2004    4

Total: 4 comments.