Security exploit used as patch installer
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 19, 2004, 02:59 PM
 
Link removed as of recent developments.

Paranoid Android looks the best so far, see: http://www.unsanity.com/haxies/pa

Unfortunately it is not an easy deployment for 400 some macs.
(Last edited by n8910; May 20, 2004 at 10:38 AM. )
     
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
May 19, 2004, 03:16 PM
 
In light of the issue, I don't think very many people will be clicking on that link.
signatures are a waste of bandwidth
especially ones with political tripe in them.
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
May 19, 2004, 04:12 PM
 
Originally posted by Kristoff:
In light of the issue, I don't think very many people will be clicking on that link.
Agreed.

One should NEVER use a security exploit to fix a security exploit. Under ANY circumstances.
     
n8910  (op)
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 19, 2004, 04:29 PM
 
(Last edited by n8910; May 19, 2004 at 10:01 PM. )
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
May 19, 2004, 05:54 PM
 
Originally posted by n8910:
It's a dang shot better than the people who posted examples of how the exploit works, but still left your mac unprotected.
Actually, it isn't. There is plenty of potential for something to go wrong.
     
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
May 19, 2004, 05:59 PM
 
Originally posted by Person Man:
Actually, it isn't. There is plenty of potential for something to go wrong.
Yeah, like the Windows virus that was supposed to fix another Windows virus, but caused more problems than the original.
     
n8910  (op)
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 19, 2004, 09:07 PM
 
(Last edited by n8910; May 19, 2004 at 10:02 PM. )
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
May 19, 2004, 09:49 PM
 
Originally posted by n8910:
There is plenty of potential for things to go wrong if one does nothing.


I am open to a better solution. Let's hear it.
Do it manually, or use one of the many programs that has already been written or wait for Apple to fix it themselves.

Just DON'T use the exploit itself to fix the exploit.
     
n8910  (op)
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 19, 2004, 10:12 PM
 
Originally posted by Person Man:
Do it manually, or use one of the many programs that has already been written or wait for Apple to fix it themselves.

Just DON'T use the exploit itself to fix the exploit.

Revel in the beauty of the internet. I did write it, and I think disk:// urls are the way to go. No servers to mount, no files to download and then delete. help uri's are also good things, but they should ask before running blindly.

I edited step 3 just for you which, btw never ran automatically anyhow.


wire send is an excellent cd btw.
     
Mac Elite
Join Date: Sep 2001
Location: Chile
May 19, 2004, 10:22 PM
 
I just tried the link, so far, using Opera has saved me some headaches.
:: frankenstein / lcd-less TiBook / 1GHz / radeon 9000 64MB / 1GB RAM / w/ext. 250GB fw drive / noname usb bluetooth dongle / d-link usb 2.0 pcmcia card / X.5.8
:: unibody macbook pro / 2.4 Ghz C2D / 6GB RAM / dell 2407wfp - X.6.3
     
n8910  (op)
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 19, 2004, 10:30 PM
 
Originally posted by Sarc:
I just tried the link, so far, using Opera has saved me some headaches.
It doesn't run by itself.
     
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
May 20, 2004, 01:12 AM
 
This is really not the way to go, I think. While you can be proud of yourself for having written a script that modifies the one instance of OpnApp.scpt mentioned in the original thread (please read it), the actual vulnerability is far more serious than that, in that not only are there very many instances of OpnApp.scpt on the disk, but that it is not even needed to exploit this vulnerability. Anyone can create their own protocol, say owned://, write an app that does some damage, place it in a .dmg (even this is not needed on local network shares, such as in a school or university) and write a webpage directing both the disk image to mount and execute the protocol without the user doing anything.

In short, your app does not solve anything, sadly.
weird wabbit
     
n8910  (op)
Junior Member
Join Date: Sep 2000
Location: Milwaukee, WI
May 20, 2004, 08:02 AM
 
Originally posted by theolein:
This is really not the way to go, I think. While you can be proud of yourself for having written a script that modifies the one instance of OpnApp.scpt mentioned in the original thread (please read it), the actual vulnerability is far more serious than that, in that not only are there very many instances of OpnApp.scpt on the disk, but that it is not even needed to exploit this vulnerability. Anyone can create their own protocol, say owned://, write an app that does some damage, place it in a .dmg (even this is not needed on local network shares, such as in a school or university) and write a webpage directing both the disk image to mount and execute the protocol without the user doing anything.

Ack. I see there are quite a few new discoveries since last night.

BTW - my fix uses the locate database to find all occurrences of the script, and fix them all. In patching the macs at work I came across a few laptops that did not have a locate database because /etc/weekly had never been run, and in those cases the script falls back and only patches the main help app. Thing is you need to run weekly as sudo, as well as the locate update command, and I didn't feel comfortable asking for those permissions via applescript.

I could use authorization services in obj-c, and call a shell script, but I didn't.
(Last edited by n8910; May 20, 2004 at 09:14 AM. )
     
Mac Elite
Join Date: Aug 2002
May 20, 2004, 01:25 PM
 
Originally posted by n8910:
Paranoid Android looks the best so far, see: http://www.unsanity.com/haxies/pa
I've tested PA, and it seems to do the trick
     
   
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.