MacOS X 10.3 security chasm
May. 19th, 2004 01:42 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
skreidlePSA courtesy ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
jazzfish:
It seems OSX 10.3 [Panther] has a simple, easily-fixed, and gaping security hole.
"It is possible to write a URL that, when invoked from one’s default browser, invokes Apple’s Help program, which is itself a mini-browser which uses a subset of HTML. The trouble is that unlike a well-written, full-fledged, OSX browser, the Help program is (a.) fully scriptable; and (b.) fully capable of running any application or command for which the user has privileges."
Watched Gilmore Girls season finale. Action-packed!
jazzfish:It seems OSX 10.3 [Panther] has a simple, easily-fixed, and gaping security hole.
"It is possible to write a URL that, when invoked from one’s default browser, invokes Apple’s Help program, which is itself a mini-browser which uses a subset of HTML. The trouble is that unlike a well-written, full-fledged, OSX browser, the Help program is (a.) fully scriptable; and (b.) fully capable of running any application or command for which the user has privileges."
Watched Gilmore Girls season finale. Action-packed!
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2004-05-19 09:58 pm (UTC)Man, I never thought Jess would look so good as a prospect for a good, solid relationship.
no subject
Date: 2004-05-19 10:02 pm (UTC)no subject
Date: 2004-05-19 10:13 pm (UTC)no subject
Date: 2004-05-21 03:45 pm (UTC)