Re: [off] First major security exploit in OS X

[Remo Del Bello]

Title: Re: [off] First major security exploit in OS X

On 5/21/04 7:11 AM, Peter C.S. Adams deftly typed out:

> Here is the best explanation I have found on the subject:
>
> http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/
>
> Here is a link to Unsanity's Paranoid Android, a hack that allows you to
> protect yourself temporarily until Apple realizes this is a real security
> hole and issues a fix.
>
> http://www.unsanity.com/haxies/pa/

If I remember correctly, Paranoid Android fixes the vulnerability by mapping help:// URLs to another app other than Help Viewer. This has the side effect of possibly disabling Help in some applications.

The following two lines, when run in Terminal will disable Help Viewer's ability to run AppleScripts and/or shell commands thereby disabling the security hole while leaving Help available in all apps:

sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'false'
sudo chmod 644 /System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist

The first line modifies Help Viewer so that it cannot run AppleScripts (and therefore shell commands as it uses AS to run them). The second fixes a permission issue with Help Viewer caused by the first command. To undo the fix in preparation to install Apple's eventual fix, just change 'false' in the first command to 'true'.

-Remo Del Bello

--
"The knee bone's connected to the...something. The something's connected to the...red thing. The red thing's connected to my...wrist watch. Uh oh."
- Dr. Nick Riviera on The Simpsons