Forwarding Address: OS X

Thursday, May 20, 2004

Update on the security hole: John Gruber of Daring Fireball has a nice clear post about how to disable unsafe URI handlers using an application which, for reasons he explains well, is better suited to this situation than MisFox or MoreInternet -- RCDefaultApp.

(By the way, for the curious, Simon Willison has posted a sample AppleScript snippet showing how distressingly simple this exploit is. Also, if you're interested, read Peter da Silva's sage comment on the architectural reasons this hole exists.)

So where's that fix from Apple, anyway?

3 Comments:

  • MacSlash says it's in 10.3.4 currently in beta

    By Anonymous, at 2:31 PM  

  • A fix from Apple is now available via Software Update: "Security Update 2004-05-24 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components: HelpViewer."

    By pbx, at 8:29 PM  

  • And it works. A quick 700K download and patch, no restart required.

    By pbx, at 8:54 PM  

Post a Comment

<< Home