If I remember correctly, Paranoid Android fixes the vulnerability by mapping help:// URLs to another app other than Help Viewer. This has the side effect of possibly disabling Help in some applications.Apple has released the fix for the help viewer with its security update for 5/21/04, best obtained through Software Update.
The following two lines, when run in Terminal will disable Help Viewer's ability to run AppleScripts and/or shell commands thereby disabling the security hole while leaving Help available in all apps:
sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'false'
sudo chmod 644 /System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist
The first line modifies Help Viewer so that it cannot run AppleScripts (and therefore shell commands as it uses AS to run them). The second fixes a permission issue with Help Viewer caused by the first command. To undo the fix in preparation to install Apple's eventual fix, just change 'false' in the first command to 'true'.
-Remo Del Bello
--
Bruce
____________________________________________________
B R U C E K. klutch-at-erols.com
