|
|
Pretty rad new bug in Mountain Lion
|
|
|
|
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status:
Offline
|
|
rdar://13128709: OSX apps (TextEdit) crashing in spell-checker (I think).
This hit Slashdot today. The text "File:///" without quotes will crash just about every single application in 10.8 except for Terminal. When the app crashes, if you try to view the crashlog information, Console crashes because of the text.
So what you really need to do here is email someone you hate with that text, and it'll crash their mail client.
Verified on bf's MBP - opening a file containing the above text will crash the application. It's not just when you input that text.
|
Sell or send me your vintage Mac things if you don't want them.
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jul 2004
Location: Toronto
Status:
Offline
|
|
This is pretty hilarious. I just tried it with TextEdit and Safari, and yep, it works as described. Crashes Spotlight too, but not the search field in Launchpad. (Not that anyone uses Launchpad.
Apparently, any app that using the system-wide spellcheck will crash from this bug.
(
Last edited by lpkmckenna; Feb 3, 2013 at 04:12 AM.
)
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
That's pretty damn funny.
Not dramatic, but funny.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status:
Offline
|
|
The bug is in Data Detectors, which is an OS-level "feature" that monitors text input and output for things that can be interacted with, like calendar events, phone numbers, email addresses, and URIs. file:/// (case-insensitive, btw) is the URI for accessing content on the local machine. It works in every OS, AFAIK. If you typed something like file:///System into TextEdit, Data Detectors would see that as a URI and convert it into a link. Clicking it would open your System folder. The problem is, the data detector for this particular URI is enforcing case sensitivity, and anything that isn't all lowercase is causing the Data Detector subsystem to crash the application that's trying to use it.
The bigger question is why Data Detectors is system-wide by default, and why there isn't a clear way to disable it. It doesn't work on password fields, but it does work everywhere else. For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.
You might think this is a stretch, but this is the kind of stuff that coders on the dark side look for.
|
Sell or send me your vintage Mac things if you don't want them.
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.
It is annoying and can be maliciously used to cause data loss, but a security problem it is not.
Unless you're talking about the service itself in a general sense. But that applies to ANY system service, and those all require an exploit first, before ANYTHING can happen.
If somebody manages to access your system to the point that he can run a virus that can read data detectors, then the data detector service is completely irrelevant already.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Originally Posted by shifuimam
For instance, it's monitoring what you type into Facebook - or even a local text document containing something private. A system-wide process that monitors text input like this is a gold mine for hackers. If it can be hooked, it would be possible for a data mining virus to intercept everything being monitored and use that information for nefarious purposes.
Originally Posted by Spheric Harlot
Causing the service or application to crash is not a security issue, and it most certainly is NOT a "goldmine for hackers", unless this bug causes an overflow that executes any additional code entered after the crash-causing string.
He didn't say the crash is a goldmine for hackers. He said the ability to monitor what's typed in any application is the goldmine.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
SHE.
And I figured that that might have been what she meant, which is why the entire second half of my post addresses that point.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
It doesn't crash Pages.
Its fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
Originally Posted by Waragainstsleep
It doesn't crash Pages.
Its fun to send someone an iMessage with that text. If you don't delete the conversation, Messages crashes every time.
That is Denial of Service, which is at least remotely problematic. The rest is just an amusing little bug.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status:
Offline
|
|
I'm not saying such an exploit is probable or even sort of likely. It's more the idea that the OS is monitoring things that closely and there's no way to disable it.
Apple's got a pretty bad habit doing this kind of stuff with both OS X and iOS. I just prefer to know what my OS is doing when it comes to monitoring, phoning home, etc. - and more importantly, the option to disable those kinds of "features" is paramount.
|
Sell or send me your vintage Mac things if you don't want them.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 1999
Location: Montréal, Québec (Canada)
Status:
Offline
|
|
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 1999
Location: Uniontown, OH
Status:
Offline
|
|
I tried it with Word 2011 and it didn't crash.
|
Never argue with an idiot. They'll drag you down to their level and beat you with experience.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2002
Status:
Offline
|
|
Originally Posted by FireWire
Apple Data Detector has been around since at least MacOS 8 and I find it really useful! I don't think it's a huge security problem as if your system is compromised, there could be a keylogger that records all your activities already, and the same could be said about system-wide spell checking, which is now mainstream.
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.
Hopefully we'll see this fixed in 10.8.3.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by Chito
I tried it with Word 2011 and it didn't crash.
I"m sure this is going to be fixed soon.
Oh, wait, nevermind
-t
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 1999
Location: Montréal, Québec (Canada)
Status:
Offline
|
|
Originally Posted by Thinine
Data Detectors are a completely new technology created for iOS and ported to OS X in Lion.
Hopefully we'll see this fixed in 10.8.3.
Really? then what's that?
I clearly remember using this technology way before OS X came out.. http://en.wikipedia.org/wiki/Advanced_Technology_Group
The Advanced Technology Group (ATG) was a corporate research laboratory at Apple Computer from 1986 to 1997. [...]
Apple's ATG was the birthplace of Color QuickDraw, QuickTime, QuickTime VR, QuickDraw 3D, QuickRing, 3DMF the 3D metafile graphics format, ColorSync, HyperCard, Apple events, AppleScript, Apple's PlainTalk speech recognition software, Apple Data Detectors, the V-Twin software for indexing, storing, and searching text documents, Macintalk Pro Speech Synthesis, the Newton handwriting recognizer,[4] the component software technology leading to OpenDoc, MCF, HotSauce, Squeak, and the children's programming environment Cocoa (a trademark Apple later reused for its otherwise unrelated Cocoa application frameworks).
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
I was just about to say. Data Detectors were a part of Mac OS 8, and there was something called Internet Address Detectors that you could download that would enhance them. I think everyone played with them for two days and then forgot they were ever there.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status:
Offline
|
|
The base technology has been around for awhile. 10.8 is the first OS where it has been integrated into the system at this level. It was previously only present in certain Apple-published software and third party devs who chose to use it.
The bug doesn't work in Word, but it does work in Outlook. Curious...
|
Sell or send me your vintage Mac things if you don't want them.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2002
Status:
Offline
|
|
I'd be verrry surprised if they used the same code. But I never saw that in OS 8+.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
Apple has reused a lot of code from the old Mac OS in OS X. Given that they use the same name, and it's not a flashy marketing name, I think it's the same code.
Googling this, it appears that the Data Detectors in the default install on OS 8 only worked on applications that supported contextual menus anyway, but if you installed the optional IAD, you got universal support in the same download.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|