Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X > Pretty rad new bug in Mountain Lion

Pretty rad new bug in Mountain Lion
Thread Tools
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Status: Offline
Reply With Quote
Feb 2, 2013, 11:07 PM
 
rdar://13128709: OSX apps (TextEdit) crashing in spell-checker (I think).

This hit Slashdot today. The text "File:///" without quotes will crash just about every single application in 10.8 except for Terminal. When the app crashes, if you try to view the crashlog information, Console crashes because of the text.

So what you really need to do here is email someone you hate with that text, and it'll crash their mail client.

Verified on bf's MBP - opening a file containing the above text will crash the application. It's not just when you input that text.
     
Addicted to MacNN
Join Date: Jul 2004
Location: Toronto
Status: Offline
Reply With Quote
Feb 3, 2013, 02:58 AM
 
This is pretty hilarious. I just tried it with TextEdit and Safari, and yep, it works as described. Crashes Spotlight too, but not the search field in Launchpad. (Not that anyone uses Launchpad.

Apparently, any app that using the system-wide spellcheck will crash from this bug.
( Last edited by lpkmckenna; Feb 3, 2013 at 03:12 AM. )
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Feb 3, 2013, 04:33 AM
 
That's pretty damn funny.

Not dramatic, but funny.
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Status: Offline
Reply With Quote
Feb 3, 2013, 10:15 AM
 
The bug is in Data Detectors, which is an OS-level "feature" that monitors text input and output for things that can be interacted with, like calendar events, phone numbers, email addresses, and URIs. file:/// (case-insensitive, btw) is the URI for accessing content on the local machine. It works in every OS, AFAIK. If you typed something like file:///System into TextEdit, Data Detectors would see that as a URI and convert it into a link. Clicking it would open your System folder. The problem is, the data detector for this particular URI is enforcing case sensitivity, and anything that isn't all lowercase is causing the Data Detector subsystem to crash the application that's trying to use it.

The bigger question is why Data Detectors is system-wide by default, and why there isn't a clear way to disable it. It doesn't work on password fields, but it does work everywhere else. For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.

You might think this is a stretch, but this is the kind of stuff that coders on the dark side look for.
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Feb 3, 2013, 11:24 AM
 
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.

It is annoying and can be maliciously used to cause data loss, but a security problem it is not.

Unless you're talking about the service itself in a general sense. But that applies to ANY system service, and those all require an exploit first, before ANYTHING can happen.

If somebody manages to access your system to the point that he can run a virus that can read data detectors, then the data detector service is completely irrelevant already.
     
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status: Offline
Reply With Quote
Feb 3, 2013, 12:08 PM
 
Originally Posted by shifuimam View Post
For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.
Originally Posted by Spheric Harlot View Post
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.
He didn't say the crash is a goldmine for hackers. He said the ability to monitor what's typed in any application is the goldmine.
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Feb 3, 2013, 12:23 PM
 
SHE.

And I figured that that might have been what she meant, which is why the entire second half of my post addresses that point.
     
Addicted to MacNN
Join Date: Mar 2004
Location: UK
Status: Offline
Reply With Quote
Feb 3, 2013, 06:09 PM
 
It doesn't crash Pages.

Its fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
I have plenty of more important things to do, if only I could bring myself to do them....
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Feb 4, 2013, 03:48 AM
 
Originally Posted by Waragainstsleep View Post
It doesn't crash Pages.

Its fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
That is Denial of Service, which is at least remotely problematic. The rest is just an amusing little bug.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Status: Offline
Reply With Quote
Feb 5, 2013, 11:35 AM
 
I'm not saying such an exploit is probable or even sort of likely. It's more the idea that the OS is monitoring things that closely and there's no way to disable it.

Apple's got a pretty bad habit doing this kind of stuff with both OS X and iOS. I just prefer to know what my OS is doing when it comes to monitoring, phoning home, etc. - and more importantly, the option to disable those kinds of "features" is paramount.
     
Mac Elite
Join Date: Oct 1999
Location: Montréal, Québec (Canada)
Status: Offline
Reply With Quote
Feb 5, 2013, 03:33 PM
 
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
     
Senior User
Join Date: Mar 1999
Location: Uniontown, OH
Status: Offline
Reply With Quote
Feb 5, 2013, 03:50 PM
 
I tried it with Word 2011 and it didn't crash.
Never argue with an idiot. They'll drag you down to their level and beat you with experience.
     
Mac Elite
Join Date: Jul 2002
Status: Offline
Reply With Quote
Feb 5, 2013, 11:23 PM
 
Originally Posted by FireWire View Post
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.

Hopefully we'll see this fixed in 10.8.3.
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Feb 5, 2013, 11:27 PM
 
Originally Posted by Chito View Post
I tried it with Word 2011 and it didn't crash.
I"m sure this is going to be fixed soon.

Oh, wait, nevermind

-t
     
Mac Elite
Join Date: Oct 1999
Location: Montréal, Québec (Canada)
Status: Offline
Reply With Quote
Feb 6, 2013, 03:09 AM
 
Originally Posted by Thinine View Post
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.

Hopefully we'll see this fixed in 10.8.3.
Really? then what's that?






I clearly remember using this technology way before OS X came out.. http://en.wikipedia.org/wiki/Advanced_Technology_Group

The Advanced Technology Group (ATG) was a corporate research laboratory at Apple Computer from 1986 to 1997. [...]

Apple's ATG was the birthplace of Color QuickDraw, QuickTime, QuickTime VR, QuickDraw 3D, QuickRing, 3DMF the 3D metafile graphics format, ColorSync, HyperCard, Apple events, AppleScript, Apple's PlainTalk speech recognition software, Apple Data Detectors, the V-Twin software for indexing, storing, and searching text documents, Macintalk Pro Speech Synthesis, the Newton handwriting recognizer,[4] the component software technology leading to OpenDoc, MCF, HotSauce, Squeak, and the children's programming environment Cocoa (a trademark Apple later reused for its otherwise unrelated Cocoa application frameworks).
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Feb 6, 2013, 05:05 AM
 
I was just about to say. Data Detectors were a part of Mac OS 8, and there was something called Internet Address Detectors that you could download that would enhance them. I think everyone played with them for two days and then forgot they were ever there.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Addicted to MacNN
Join Date: Aug 2006
Location: God's Country
Status: Offline
Reply With Quote
Feb 7, 2013, 10:44 AM
 
The base technology has been around for awhile. 10.8 is the first OS where it has been integrated into the system at this level. It was previously only present in certain Apple-published software and third party devs who chose to use it.

The bug doesn't work in Word, but it does work in Outlook. Curious...
     
Mac Elite
Join Date: Jul 2002
Status: Offline
Reply With Quote
Feb 9, 2013, 04:47 PM
 
I'd be verrry surprised if they used the same code. But I never saw that in OS 8+.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Feb 11, 2013, 04:09 AM
 
Apple has reused a lot of code from the old Mac OS in OS X. Given that they use the same name, and it's not a flashy marketing name, I think it's the same code.

Googling this, it appears that the Data Detectors in the default install on OS 8 only worked on applications that supported contextual menus anyway, but if you installed the optional IAD, you got universal support in the same download.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 05:42 PM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2