Brian Enos's Forums... Maku mozo!

OSX Security Alert


George

Here is a link to an article about a potential (but not that worrisome) security hole in OSX that can be exploited using URIs (Uniform Resource Identifiers) and the system Help Viewer.

http://secunia.com/advisories/11689/

Three things to do here: get current on Apple's software updates, then turn off the "Open Safe Files After Downloading" option in Safari's preferences, and finally, disable the URIs that can be hijacked using a new System Preference Pane called RCDefaultApp.

Here is where RCDefaultApp can be downloaded

http://www.rubicode.com/Software/RCDefaultApp/

After you get it and get the disk image mounted and find the app file, drop it in the PreferencePanes folder in the root Library directory and then open System Preferences and you will find a new Preference in the lower left corner called Default Apps.

And here is the info on what to do with it.

http://www.rubicode.com/Software/RCDefaultApp/

http://daringfireball.net/2004/05/telnet_protocol

You are basically clicking the URL tab in the Default Apps preference pane and setting the following four URL types to "Disable"

afp

disk

disks

telnet

PM me if anyone is unsure how all of this is done. Don't change anything else with Default App unless you are sure of what you are doing.

BTW, there is no real worry here folks, but it is best to stay current. It is still the safest OS going.

--

Regards,


  • 1 year later...

>>>

You are basically clicking the URL tab in the Default Apps preference pane and setting the following four URL types to "Disable"

afp

disk

disks

telnet

>>>

Disabling them within Safari, or somehow within OSX ???

Why do we need a utility program to do this?


BritinUSA, the exploit was first noticed back in Panther (10.3 and 10.4) and those URL handlers were available on those systems. In Tiger, the URLs for those items don't show up in the RCDefaultApp list anymore because Tiger has them clamped. The afp and telnet protocols are still good to disable, and unchecking the Download Safe files in Safari is still a good way to close and lock that gate.

ITB, you need a utility to change URI/URL handlers in OSX easily. The Finder method using Get Info is clumsy at best and useless for some filetypes and URIs. The Command Line/Terminal method is not for the faint of heart.

--

Regards,


I meant 10.3.3 and 10.3.4, sorry.

They fixed part of it, but not all of it, as is Apple's way, so you should still uncheck the "Open Safe File After Downloading" option in Safari Preferences and use RCDefaultApp to turn off the afp and telnet URLs.

--

Regards,


  • 2 weeks later...
There's a new security update released today (August 15). Just click on the Apple logo and click on Software Update.

B)


That would be the regular bi-monthly security update. The next quarterly one is due out in September and the annual one in December ;-)

But seriously folks, don't forget to do a permission repair on your startup volume before doing any Apple updates, ever!

--

Regards,


It's not a security thing, but a requirement to prevent updates and installers from making the system unstable/unbootable. Permissions can be repaired on the startup volume with Apple's DiskUtility.app, which can be found in the Utilities folder, which can be found in the Applications folder in the root directory.

After starting DiskUtility select the icon for your startup drive and select the Repair Permissions option.

This is a very smart/important thing to do before ever installing/updating anything in OSX. If the installer finds any of the file/directory permissions other than how it expects to find them when it is updating system files, it can fail to actually write a piece of code. It won't tell you this and you wind up with a glitched install/update.

It may affect things, it may not. You can do 100 updates without fixing permissions and have no problems, then on the 101st time, you wind up with an un-bootable volume. It can and has happened, just not all the time. It's not highly likely, but repairing permissions is too easy to not do it and take the risk of becoming a 1 in 10,000 hard luck user.

--

Regards,
