Temporary Patch for OSX Security Hole

[ncarandang]

http://www.versiontracker.com/dyn/moreinfo/macosx/23446

You guys might want to check this out. I downloaded it and installed. Works well with me. :2cents:

[joel]

To test if your browser is vulnerable to exploits, check this site.

It's a welcome surprise that Opera 7.50 is not affected! arty:

[tisha]

To test if your browser is vulnerable to exploits, check this site.

how do you read the results of this test?
actually, i am at a complete loss to what what i am supposed to look for.

thanks.

[joel]

tisha, when you go to the site, Help and Terminal will automatically start-up if your browser is vulnerable. Everything that happens in the site is quite harmless but shows what an exploit could do.

[Bob Serrano]

Hi Guys,

Just got urgent word from Victor Panlilio (ex ex PhilMugger--just needs to re-register) that there is an even more insidious applescript which exploits TextEdit which is scriptable. I asked him to send the post with complete (and somewhat complex) instructions for patching. Apparently, apple has been notified of this hole as early as February but has not yet done anything about it. This guy who discovered it decided to go public. Standby.

[joel]

From macosxhints:

"1. Turn off "Open 'safe' files after downloading" in the Safari general preferences.
2. Download Misfox or MoreInternet, or some other application which allows you to set your internet helper preferences.
3. Set the protocol preference for 'help' to Chess or TextEdit, or something other than the Help application. robg update: This originally said Safari, but Safari is smart enough to hand the URL back to Help, so the exploit still works. I have mine set to TextEdit now, and the test exploits all fail."

[mykmarinas]

How can i changed the protocol preference for 'help' to Chess or textEdit? thanks

[docnap]

Apple released a Security Update that might just take care of all of these concerns. Check software update.

Nap