p2pnet.net News:- Secunia has updated its security warning for Apple MAC users with Safari 1.2.1 (v125.1) and Internet Explorer 5.2. from “highly” to “extremely” critical.

And, “Other browsers may also be used as attack vectors,” it says on its web site, going on:

“The rating has been upgraded to ‘Extremely Critical’ because the issues are very easy to exploit and a large number of working exploits are available.”

“Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system,” says Secunia here.

“1) The problem is that the “help” URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using ‘help:runscript’.

“2) It is reportedly also possible to silently place arbitrary files in a known location, including script files, on a user’s system using the ‘disk’ URI handler.”

Secunia says there’s no efficient solution, but a security analyst is not, apparently, terribly concerned.

“Historically these aren’t that big of a deal, but that could change,” Bruce Schneier, cto of Counterpane Internet, is quoted as saying in DIGIT here.

However, “We take security very seriously at Apple and we are actively investigating this potential security issue,” Apple says in a statement.

This entry was posted on Wednesday, May 19th, 2004 at 5:25 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1302 times