Mac Exploit Not So Critical


Just read this on George Ou’s security log on ZDNet:

Extremely critical Mac OS X zero-day exploit released by ZDNet’s George Ou — If you are running Mac OS X in its standard configuration and use Safari, the window will open without waiting for a prompt. The script could just as well delete all files accessible to the current user.

Please also read Daring Fireball’s take here.

This is so simple to fix. First of all, this only works on Safari running under Panther (10.3.x) or earlier. If you use Tiger (10.4.x), or the third-party browsers Firefox, Camino, Opera or Mozilla, you don’t have anything to worry about. If you are using Panther or earlier, go into Safari under General Preferences and uncheck the feature that allows it to post-process safe downloads. Done.

What kills me are the comments at the bottom of most of these posts. Mac trolls want to minimize the report as much as possible, so they go into the “can it really be called an exploit?” spin. Windows trolls either say “see, it isn’t secure at all” or “Mac security is overhyped” or the ever-popular “Macs suck!” Linux trolls usually say “this is the open source community getting back at Apple for not making the entirety of OSX free and open to everyone.”

I am done with these “discussions.” Mac users: it is an exploit. If I wanted to write and deploy a shell script tonight to erase the files from a user’s home folder, I could probably do it and do a lot of damage. So go ahead and uncheck that box in Safari, I’ll wait… you did? Good. Now get over yourselves and get some work done.

Windows users: what can I say that hasn’t already been said? Your OS is a bad citizen. It’s getting better and there are some pretty good tools out there, but it really is an insecure mess. Hopefully, Vista will solve a lot of these problems, but it ain’t out yet.

Linux users, you have an OS that is really nice and secure and… isn’t ready for prime time. You guys need someone like Bruce Tognazzini, an interface guru who can design a slick, functional and secure UI for desktop Linux that makes it dead easy to install and operate out of the box. Otherwise, no one but geeks will adopt it.

There, can we go on with our lives now?
