There's been a lot of noise and discussion about the "help:" URI (and "disk:" URI) potential exploit. Here's the best article I've seen on how to immunize your MacOS X system from it.

http://daringfireball.net/2004/05/unsafe_uri_handlers

Article describes "RCDefaultApp", a really useful System Preferences plugin to download and how to configure it.


Note that the exploit is still theoretical rather than real, but a PoC is but a heartbeat away, and some bozos will put malicious URLs on their sites.

Oh good. telnet: can be exploited too, so add that to the <disabled> list.

http://daringfireball.net/2004/05/telnet_protocol

well looks like there's a new security update on os x now..