Information Security News mailing list archives
Mac browsers vulnerable to hackers
From: InfoSec News <isn () c4i org>
Date: Tue, 18 May 2004 05:14:55 -0500 (CDT)
http://www.macworld.co.uk/news/main_news.cfm?NewsID=8696 By Macworld staff May 18, 2004 Computer security firm Secunia is warning of a new security vulnerability affecting Mac Internet browsers Safari 1.x and Internet Explorer 5.x. The report claims the weakness: "Potentially allows malicious Web sites to compromise a vulnerable system". "The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using 'help:runscript'", the warning explains. This makes it possible for malicious computer users to place "arbitrary" files (including script files) in a known location on a user's system - but only if either browser has been set-up to open safe files after they are downloaded. This is the default browser setting. Secunia recommends users switch off the latter capability in Safari's preferences folder; that they do not go online as a "privileged user" and that they rename the help handler, though no instructions related to the latter are avaiable. _________________________________________ ISN mailing list Sponsored by: OSVDB.org
Current thread:
- Mac browsers vulnerable to hackers InfoSec News (May 18)