Protection from the OS X help viewer vulnerability


By now lots of people have written about the OS X Help Viewer vulnerability, which allows remote arbitrary code execution from visiting a bad link in a browser.

My colleague Josh Larios writes the following on how to protect yourself:

This one is serious. Arbitrary code execution with nothing required of the user but that they visit a malicious web page. It affects all browsers, not just Safari. It seems to only affect OS X 10.3. There's a fairly scary proof of concept floating around which opens a terminal window and executes a command. It should be obvious that that's a Bad Thing.

Here's how I'm protecting myself:

1. Launch Internet Explorer.
2. Go to Explorer -> Preferences.
3. Go to Network -> Protocol Helpers.
4. Find the "help" protocol and click on it, then click "Change".
5. Un-check "Use current application if possible".
6. Click "Choose Helper".
7. Click on the "Chess" application in your Applications folder, then click "Open".
8. Click "OK" in the Protocol Helper Editor.
9. If you have a "disk" protocol, click on it and repeat steps 5 through 8. If not, click "Add" and create a "disk" protocol, then follow steps 5 through 8 for it.

Apple's known about this since _February_? Seriously, seriously lame.
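
An added example, not part of the original post or of Josh's note: the steps above reassign the "help" and "disk" protocol helpers, so a complementary check is to flag any saved web page that references those two URL schemes. The names `scan_html` and `HelperSchemeScanner` and the sample page are constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that can hold a URL the browser loads or follows.
URL_ATTRS = {"href", "src", "action", "data", "content"}
# Scheme at the start of a value, optionally inside a meta refresh "N; url=...".
ATTR_RE = re.compile(r"^\s*(?:\d+\s*;\s*url\s*=\s*['\"]?\s*)?(help|disk):", re.I)
# Quoted string in inline script that starts with one of the schemes.
SCRIPT_RE = re.compile(r"['\"]\s*(help|disk):", re.I)
# Constructed sample page; "placeholder" stands in for any URL body.
SAMPLE = """<meta http-equiv="refresh" content="0; url=help:placeholder">
<a href="https://example.com/help:faq">ordinary link</a>
<a href="he&#108;p:placeholder">entity-encoded scheme</a>
<script>
var cfg = {help: true};
window.location = "disk://placeholder";
</script>"""

class HelperSchemeScanner(HTMLParser):
    """Collect (line, location, scheme) for every help:/disk: URL found."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:
            if name in URL_ATTRS and value:
                # Entities are already decoded; drop tabs/newlines that URL parsers ignore.
                m = ATTR_RE.match(re.sub(r"[\t\r\n]", "", value))
                if m:
                    self.findings.append((self.getpos()[0], f"{tag} {name}", m.group(1).lower()))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in SCRIPT_RE.finditer(data):
                # getpos() is the start of this text run; add newlines before the match.
                line = self.getpos()[0] + data.count("\n", 0, m.start())
                self.findings.append((line, "script", m.group(1).lower()))

def scan_html(text):
    parser = HelperSchemeScanner()
    parser.feed(text)
    parser.close()
    return parser.findings
```

Running `scan_html(SAMPLE)` reports the meta refresh, the entity-encoded link and the script string, and ignores both the ordinary link whose path merely contains "help:" and the `{help: true}` object key.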


About this Entry

This page contains a single entry by Oren Sreebny published on May 19, 2004 5:00 PM.
