Safari vulnerability
Just found this proof of concept for a Safari vulnerability. It says it can execute code remotely.
Since I am not right now on a Mac, can anyone try it and tell us what happens? The severity of the exploit is considered high. Is this true?
Quote:
A new vulnerability has been discovered. Using the runscript function of the MacOSX's Help.app application, which is callable from Safari, we can execute code remotely.
This proof of concept is simply a real life example of the vulnerability. It will not damage or really compromise your computer: the source script is included with the code which will be executed.
Comments
OMFG! I didn't even know that WebKit supports launching AppleScripts. It simply must be removed. Nay, web browsers must not be able to execute or launch anything by definition. Really scary.
|
Are you being serious? I think this is a great convenience. And it isn't really a vulnerability, I mean, computers do what you tell them. In Prefs it asks if you want to let Safari "process safe downloads." That's what this whole issue is, right? Well, if you don't want Safari to do this, just uncheck that. What's so bad about that?