bmw
May 20th, 2004, 19:02
There's been a lot of noise and discussion about the "help:" URI (and "disk:" URI) potential exploit. Here's the best article I've seen on how to immunize your MacOS X system from it.

http://daringfireball.net/2004/05/unsafe_uri_handlers

Article describes "RCDefaultApp", a really useful System Preferences plugin to download and how to configure it.


Note that the exploit is still theoretical rather than real, but a PoC is but a heartbeat away, and some bozos will put malicious URLs on their sites.

bmw
May 21st, 2004, 19:29
Oh good. telnet: can be exploited too, so add that to the <disabled> list.

http://daringfireball.net/2004/05/telnet_protocol

soup4you2
May 21st, 2004, 20:19
well looks like there's a new security update on os x now..