Subscribe to
Posts
Comments
NSLog(); Header Image

Mac OS X Security Exploit

There exists a very good page that demonstrates a number of security flaws (all relating to the same type of thing) in Mac OS X: http://test.doit.wisc.edu/. Visit it now. How to protect yourself:

  1. Get the Help Viewer security update from Apple. This closes the help: protocol only.
  2. Disable the auto-opening of safe files in your browser(s). This will solve the .zip (.dmg, .sit, etc.) issue.
  3. Disable the disk:, disks:, afp:, and telnet: protocols.
  4. Set your ftp: protocol to FTPeel (or disable it).

You can use RCDefaultApp to do the disabling. I recommend reading these three articles as well. Or this one. Jay Allen also wrote one, though I disagree with the step that prompts you to download Paranoid Android.

All of the exploits listed on the test page above worked for me with a standard config. Of course, "worked" == "very bad" in this situation.

Trackback URI | Comments RSS

Leave a Reply

Please abide by the comment policy. Valid HTML includes: <blockquote><p>, <em>, <strong>, <ul>, <ol>, and <a href>. Please use the "Quote Me" functionality to quote comments.