The Mac Observer

New "Serious" Security Flaw Found In OS X

by , 10:00 AM EDT, May 18th, 2004

Apple has had its share of security alerts recently, and now ComputerWorld Australia is reporting that there is yet another serious security issue in Mac OS X. The vulnerability allows malicious scripts to be run just by visiting a Web site. From the article, "Mac OS X hit with another serious security issue":

Lixlpixel has reported a vulnerability dealing with how basic Internet elements are addressed in the OS' help facility that allows arbitrary local scripts to be executed on a user's machine. It is also possible to place files in a known location on a system by asking users to download a ".dmg" disk image file. A default browser option in Explorer and Safari will mean a single user click is enough to drive the whole process.

The combination of the two holes, tested and confirmed by security experts Secunia, can therefore allow system access to be achieved "very simply" according to Secunia CTO Thomas Kristensen. The holes affect Safari 1.x and Explorer 5.x.

The solution is to change browser options and rename the help URI handler. More details are available on Secunia's site.

Get the full story at ComputerWorld Australia's Web site.

It's important to note, too, that the discovery of a security hole does not mean that anyone is currently attempting to exploit it.

The Mac Observer Spin:

Apple has been pretty good about issuing its security updates, and we imagine you'll see a new one soon that offers a more permanent fix for this problem. That said, there have been a number of such alerts of late, though this one seems more important than the others.

Indeed, while we would like to think that Mac users are smarter than your average bear, and that none of us ever click on spam/virus/malware-related links in e-mail, the fact is that there are always folks who do. Some of those folks are Mac users, too, and it's just that heretofore we haven't been spreading those Windows worms in the process. That's how these things spread, and we could see at least some Mac users duped into clicking on something they think was from Apple, for instance.

Even then, however, spreading anything that takes advantage of this exploit is the kind of situation where Security Through Obscurity actually does come into play. Fewer Mac recipients means that any potential exploit would spread far more slowly than Windows viruses and worms spread. Many anti-Mac partisans have suggested in the past that there weren't any Mac viruses because no one cares enough to write them. Whether or not that is true, it will definitely be harder for any virus creator to spread them on our platform.

With Apple's default security settings, Mac OS X's default software update settings, and the fact that there haven't been any exploits found that allow the bad guys to hijack your e-mail address book on the Mac, even if someone does decide to try and exploit this hole, they likely and hopefully won't get far.
