User Name
Password
AppleNova Forums » Apple Products »

Is the vulnerability patched?


Register Members List Calendar Search FAQ Posting Guidelines
Is the vulnerability patched?
Thread Tools
SonOfSylvanus
Fro Productions(tm)
 
Join Date: May 2004
Location: London Town
 
2004-05-23, 17:15

I downloaded the latest Apple security update for the Help Viewer exploit - is my Mac secure now? I'm confused - I've heard that there are two parts to this exploit, or something. Does Apple's security update fully solve the problem? If not, where should I go to get a proper patch. Thanks.

(I hate having to worry about things like this )

bouncy bouncy
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2004-05-23, 19:30

Quote:
Originally Posted by SonOfSylvanus
(I hate having to worry about things like this )
It's a good thing you're a Mac user, then. Imagine having to worry about these kinds of things every single day as a Windows user.

Anyhow, the security update indeed does not *fully* correct the issue. Apple's update corrects the help protocol flaw but not the disk protocol flaw.

This page will exploit the bug even after the security update (or so I've read; I'm on an old Mac OS 9 machine now): http://www.geekspiff.com/unlinkedCrap/innocousPage.html

There is a haxie out by Unsanity called Paranoid Android, but I have to advise not to install it because it requires use of the sometimes problematic APE framework.

Instead, you can simply install the More Internet preference pane and change the "disk" protocol (add it if not present) and change the mapped application to something benign like Chess (or TextEdit). If you don't trust Apple's update, do the same with the "help" protocol. This procedure is detailed here.

Also, if you use Safari, disable the option to open safe files after download.

I've used More Internet and tested it locally and this appears to fix the hole. Just try the geekspiff link afterwards to see for yourself.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2004-05-23, 22:06

Update: You should also change the "disks" and "telnet" protocols.

So, bottom line:
  • The disk, disks, and telnet protocols have *not* been patched by Apple and should be manually changed.
  • The help protocol has been fixed, but you may safely change it anyway if you are paranoid.

More details here: http://daringfireball.net/2004/05/he...ecurity_update

I really like that link. The author also explains that Unsanity is hyping things a bit more than necessary.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
SonOfSylvanus
Fro Productions(tm)
 
Join Date: May 2004
Location: London Town
 
2004-05-24, 17:03

Thanks Brad, I think I'm all patched up now. Went to Daring Fireball... I love pedants

Wish I didn't have to do this kinda stuff tho <frownie>
  quote
k squared
Member
 
Join Date: May 2004
Location: Verde Amarela
 
2004-05-24, 21:15

What's up with Apple? I find it hard to believe that they didn't know about the other helper app vulnerabilities. Didn't they even test OSX for other methods of attack?
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2004-05-24, 22:21

Actually, Apple apparently knew about this for weeks (or months?) as it was reported a long time ago.

I'm moving this to Mac OS X since it would be helpful for regular readers of that forum.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Paul
Veteran Member
 
Join Date: May 2004
Location: New York City
 
2004-05-25, 00:39

Quote:
Originally Posted by k squared
What's up with Apple? I find it hard to believe that they didn't know about the other helper app vulnerabilities. Didn't they even test OSX for other methods of attack?
actually... no

apple does NOT have a security department...

http://www.businessweek.com/print/bw...051_727.htm?tc

where is that skeptical smily?

Last edited by Paul : 2004-05-25 at 12:27. Reason: Changed link to printable version....
  quote
Barto
Student extraordinaire
 
Join Date: May 2004
Location: Canberra, Australia
 
2004-05-25, 03:24

If this was a bug resulting in an exploit, all these probems would have been fixed in a day or two. But unfortunately for Apple and Mac OS X users, it is an architectual problem. The way LaunchServices works has turned out to be insecure when used by web browsers (and similar). It has evidently taken Apple a while to fix and will probably take a while longer.

Barto

The sky was deep black; Jesus still loved me. I started down the alley, wailing in a ragged bass.
  quote
Moogs
Hates the Infotainment
 
Join Date: May 2004
Location: NSA Archives
 
2004-05-26, 18:06

Brad,

Thanks for the links and alternative to PA. That thing was pretty regularly interuppting my workflow and further I had no idea the thing was screwing with Protected Memory. Unsanity should explicitly state that... pretty weak IMO.

I used the RCDefault App to make the recommended changes. It's a much more flexible tool that PA and less likely to screw up your apps as well, evidently.

...into the light of a dark black night.
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools

« Previous Thread | Next Thread »

All times are GMT -5. The time now is 00:58.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova