MacNN Forums (http://forums.macnn.com/)
-   Mac OS X (http://forums.macnn.com/mac-os-x/)
-   -   Pretty rad new bug in Mountain Lion (http://forums.macnn.com/90/mac-os-x/497762/pretty-rad-new-bug-mountain-lion/)

 
shifuimam Feb 3, 2013 12:07 AM
Pretty rad new bug in Mountain Lion
rdar://13128709: OSX apps (TextEdit) crashing in spell-checker (I think).

This hit Slashdot today. The text "File:///" without quotes will crash just about every single application in 10.8 except for Terminal. When the app crashes, if you try to view the crashlog information, Console crashes because of the text.

So what you really need to do here is email someone you hate with that text, and it'll crash their mail client.

Verified on bf's MBP - opening a file containing the above text will crash the application. It's not just when you input that text.
 
lpkmckenna Feb 3, 2013 03:58 AM
This is pretty hilarious. I just tried it with TextEdit and Safari, and yep, it works as described. Crashes Spotlight too, but not the search field in Launchpad. (Not that anyone uses Launchpad.)

Apparently, any app that uses the system-wide spellcheck will crash from this bug.
 
Spheric Harlot Feb 3, 2013 05:33 AM
That's pretty damn funny.

Not dramatic, but funny.
 
shifuimam Feb 3, 2013 11:15 AM
The bug is in Data Detectors, which is an OS-level "feature" that monitors text input and output for things that can be interacted with, like calendar events, phone numbers, email addresses, and URIs. file:/// (case-insensitive, btw) is the URI for accessing content on the local machine. It works in every OS, AFAIK. If you typed something like file:///System into TextEdit, Data Detectors would see that as a URI and convert it into a link. Clicking it would open your System folder. The problem is, the data detector for this particular URI is enforcing case sensitivity, and anything that isn't all lowercase is causing the Data Detector subsystem to crash the application that's trying to use it.

The bigger question is why Data Detectors is system-wide by default, and why there isn't a clear way to disable it. It doesn't work on password fields, but it does work everywhere else. For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.

You might think this is a stretch, but this is the kind of stuff that coders on the dark side look for.
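A defensive filter for the behaviour described in the post above, as an added example that is not part of the thread: it flags text containing a file:/// prefix whose scheme is not all lowercase and rewrites that prefix to lowercase before the text reaches an affected application. It assumes the trigger is as the post describes; the function names and sample messages are constructed for illustration.

```python
import re

# "file:///" in any letter case. Deliberately not anchored to a word boundary:
# the thread does not say how the detector tokenizes, so over-matching is the safe choice.
FILE_URI = re.compile(r"file:///", re.IGNORECASE)


def find_mixed_case_file_uris(text):
    """Return (offset, matched_text) for each file:/// prefix that is not all lowercase."""
    return [
        (m.start(), m.group(0))
        for m in FILE_URI.finditer(text)
        if m.group(0) != m.group(0).lower()
    ]


def normalize_file_uris(text):
    """Lowercase only the file:/// prefix; the path after it keeps its case."""
    return FILE_URI.sub(lambda m: m.group(0).lower(), text)


def triage(messages):
    """Split (id, body) pairs into clean ids and flagged (id, hits, normalized_body) entries."""
    clean, flagged = [], []
    for msg_id, body in messages:
        hits = find_mixed_case_file_uris(body)
        if hits:
            flagged.append((msg_id, hits, normalize_file_uris(body)))
        else:
            clean.append(msg_id)
    return clean, flagged


# Constructed sample input (not taken from the thread).
SAMPLE = [
    ("msg-1", "Notes are at file:///Users/Shared/notes.txt"),
    ("msg-2", "Look at File:///System"),
    ("msg-3", "FILE:///tmp and file:///tmp in one line"),
]

if __name__ == "__main__":
    clean, flagged = triage(SAMPLE)
    print("clean:", clean)
    for msg_id, hits, fixed in flagged:
        print(msg_id, hits, "->", fixed)
```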
 
Spheric Harlot Feb 3, 2013 12:24 PM
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.

It is annoying and can be maliciously used to cause data loss, but a security problem it is not.

Unless you're talking about the service itself in a general sense. But that applies to ANY system service, and those all require an exploit first, before ANYTHING can happen.

If somebody manages to access your system to the point that he can run a virus that can read data detectors, then the data detector service is completely irrelevant already.
 
mduell Feb 3, 2013 01:08 PM
Quote, Originally Posted by shifuimam (Post 4215349)
For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.
Quote, Originally Posted by Spheric Harlot (Post 4215357)
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.
He didn't say the crash is a goldmine for hackers. He said the ability to monitor what's typed in any application is the goldmine.
 
Spheric Harlot Feb 3, 2013 01:23 PM
SHE.

And I figured that that might have been what she meant, which is why the entire second half of my post addresses that point.
 
Waragainstsleep Feb 3, 2013 07:09 PM
It doesn't crash Pages.

It's fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
 
P Feb 4, 2013 04:48 AM
Quote, Originally Posted by Waragainstsleep (Post 4215398)
It doesn't crash Pages.

It's fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
That is Denial of Service, which is at least remotely problematic. The rest is just an amusing little bug.
 
shifuimam Feb 5, 2013 12:35 PM
I'm not saying such an exploit is probable or even sort of likely. It's more the idea that the OS is monitoring things that closely and there's no way to disable it.

Apple's got a pretty bad habit of doing this kind of stuff with both OS X and iOS. I just prefer to know what my OS is doing when it comes to monitoring, phoning home, etc. - and more importantly, the option to disable those kinds of "features" is paramount.
 
FireWire Feb 5, 2013 04:33 PM
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
 
Chito Feb 5, 2013 04:50 PM
I tried it with Word 2011 and it didn't crash.
 
Thinine Feb 6, 2013 12:23 AM
Quote, Originally Posted by FireWire (Post 4215717)
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.

Hopefully we'll see this fixed in 10.8.3.
 
turtle777 Feb 6, 2013 12:27 AM
Quote, Originally Posted by Chito (Post 4215721)
I tried it with Word 2011 and it didn't crash.
I'm sure this is going to be fixed soon.

Oh, wait, nevermind :confused:

-t
 
FireWire Feb 6, 2013 04:09 AM
Quote, Originally Posted by Thinine (Post 4215776)
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.

Hopefully we'll see this fixed in 10.8.3.
Really? Then what's that?

http://photos.appleinsider.com/ldfigure2.gif
http://www.miramontes.com/writing/ad...s/add-fig1.gif
http://www.miramontes.com/writing/ad...s/add-fig2.gif
http://cache.lexico.com/g/d/1gotocontrolpanel.jpg

I clearly remember using this technology way before OS X came out.. http://en.wikipedia.org/wiki/Advanced_Technology_Group

Quote
The Advanced Technology Group (ATG) was a corporate research laboratory at Apple Computer from 1986 to 1997. [...]

Apple's ATG was the birthplace of Color QuickDraw, QuickTime, QuickTime VR, QuickDraw 3D, QuickRing, 3DMF the 3D metafile graphics format, ColorSync, HyperCard, Apple events, AppleScript, Apple's PlainTalk speech recognition software, Apple Data Detectors, the V-Twin software for indexing, storing, and searching text documents, Macintalk Pro Speech Synthesis, the Newton handwriting recognizer,[4] the component software technology leading to OpenDoc, MCF, HotSauce, Squeak, and the children's programming environment Cocoa (a trademark Apple later reused for its otherwise unrelated Cocoa application frameworks).
 
P Feb 6, 2013 06:05 AM
I was just about to say. Data Detectors were a part of Mac OS 8, and there was something called Internet Address Detectors that you could download that would enhance them. I think everyone played with them for two days and then forgot they were ever there.
 
shifuimam Feb 7, 2013 11:44 AM
The base technology has been around for a while. 10.8 is the first OS where it has been integrated into the system at this level. It was previously only present in certain Apple-published software and third party devs who chose to use it.

The bug doesn't work in Word, but it does work in Outlook. Curious...
 
Thinine Feb 9, 2013 05:47 PM
I'd be verrry surprised if they used the same code. But I never saw that in OS 8+.
 
P Feb 11, 2013 05:09 AM
Apple has reused a lot of code from the old Mac OS in OS X. Given that they use the same name, and it's not a flashy marketing name, I think it's the same code.

Googling this, it appears that the Data Detectors in the default install on OS 8 only worked on applications that supported contextual menus anyway, but if you installed the optional IAD, you got universal support in the same download.
 
All times are GMT -4.