[Ti] Intel Mac Mini? (OT)
John
simplymail at ururk.com
Sat Feb 25 21:30:25 PST 2006
On Feb 25, 2006, at 11:25 PM, Chris Olson wrote:
> On Feb 25, 2006, at 9:56 PM, Mikael Byström wrote:
>
>> Chris, wouldn't changing umask prevent the exploit from gaining
>> access?
>
> No because everything happens outside the shell until Launch
> Services calls the shell to run the code. By that time it's too late.
>
>> If I try it, will it only delete the current user account, or all?
>
> The current user account only. However, we've found that on admin
> user accounts we can modify system settings and/or place hidden
> files/folders/binaries at the root level in /Library or /
> Applications too. We're still tweaking the code, trying to figure
> out exactly how much damage we can do.....
> --
> Chris
I guess the *slightly* more important question would be, have you
notified Apple of the vulnerability and/or is Apple (already) aware
of it? I've been under the assumption that they do not always respond
immediately to threats.
More information about the Titanium
mailing list