[Ti] Intel Mac Mini?

Bill Fox wfoxjr at earthlink.net
Wed Mar 1 20:08:07 PST 2006

My understanding is that the Secunia demo did that but launched the  
Calculator instead of doing something nasty. Apple's security update  
actually prevents the Secunia demo from doing its thing. Don't know  
anything about your exploit. Maybe you could de-nastify it to do  
something benign and let people try it rather than trying to cow them  
with your nuclear threat.

You never commented on Paranoid Android 1.3 or I missed it somehow.  
The only problem I have with PA is that it issues unnecessary  
warnings too often, like for every RSS update, lulling one into  
potentially making a serious mistake at some point.


On Mar 1, 2006, at 6:58 PM, Chris Olson wrote:

> On Mar 1, 2006, at 8:34 PM, Bill Fox wrote:
>> Apple's Security Update 2006-001 issued today fixes this problem.
> I'm afraid it only partially fixes it.  Launch Services will still  
> start Terminal.app and run a bash shell script without a shebang  
> line and path to the interpreter in the first line of the script  
> without asking or without warning.
> Our demo exploit with a hidden trojan still works perfectly, post- 
> update.
> -- 
> Chris

More information about the Titanium mailing list