Mac OS X users have been hit by a barrage of security concerns and exploits over the last week. Most of these issues stem from last week's discovery of the URI Handler Arbitrary Code Execution vulnerability.
To close this hole you should at least download and install Apple's Security Update 2004-05-24 (for Jaguar & Panther). Software Update will also pick up the correct version for your system. For further protection, use RCDefaultApp to disable the following protocols:
While you're using RCDefaultApp, it's probably wise to change the default handler for the ftp protocol from the Finder to an FTP application (e.g. Transmit or Interarchy).
For a complete and thorough analysis of how and why this can happen, read these posts on Daring Fireball:
- About the Help Viewer Security Update
- Using the telnet URI Protocol to Delete Files
- An Ounce of Prevention
- Disabling Unsafe URI Handlers With RCDefaultApp
Posted 9 years ago