Security problem with Safari and other browsers

Posted:
in macOS edited January 2014
Aparantly a lot of browsers don't do a good job checking telnet://-URLs. This can be exploited to overwrite files owned by you or in shared directories like "Applications".



harmless test - this creates a file "testfile" in Applications and opens a telnet shell. More elaborate attempts could be made to overwrite file contents - possibly leading to security problems if files like ssh-keyfiles or any part of an standard application are overwritten with malicious code.
Sign In or Register to comment.