Wednesday, May 19, 2004

Go ahead, click on it again!

After news of some guy losing his Home directory to the Concept Trojan Horse last week, Mac users are now confronted with another exploitable flaw. This serious Mac OS X security problem abuses the Help URL handler: web browsers such as Internet Explorer, Safari or any Mozilla-based browser hand a Help link off to the system, which then executes script instructions from a redirected or bogus website.

To see a full description of how this is done, click here.

You get the idea now, don't you? No warning and no recourse to stop it once it runs. Though that was just a harmless example of what could be, imagine the kind of damage you could do to some poor schmuck with the UNIX equivalent of a 'remove', 'erase' or 'delete' command.

Apple would need time to cook up a patch for this. But waiting around idly isn't the answer either. So thankfully there are options available.

For one, a patch was released today to address the Help URL flaw by alerting the user to a malicious attempt while preventing the script from running. This patch also adds a measure that stops Safari from automatically launching downloaded files or applications; that setting can also be toggled manually via the browser's Preferences.

The more comprehensive method is to download an application mapping utility called Default Apps. Once installed in System Preferences, this utility will allow you to disable the Help, Disk Image mounting and Telnet URL handlers so they cannot be triggered from a web page. Read the full explanation on Unsafe URL Handlers.

Apple recently touted its track record of fixing bugs and plugging holes in a timely manner. Well, this is one hole that needs to be plugged, and quickly. With the amount of attention thrown at this exploit, it may not be long before someone unleashes reality again.

So patch your Macintoshes. Do it now. It will only take a few minutes of your time and it may save you many hours of grief.

Or, you could second guess each web link before you click on it...
