[Ti] Intel Mac Mini?
Bill Fox
wfoxjr at earthlink.net
Wed Mar 1 20:08:07 PST 2006
My understanding is that the Secunia demo did that but launched the
Calculator instead of doing something nasty. Apple's security update
actually prevents the Secunia demo from doing its thing. Don't know
anything about your exploit. Maybe you could de-nastify it to do
something benign and let people try it rather than trying to cow them
with your nuclear threat.
You never commented on Paranoid Android 1.3 or I missed it somehow.
The only problem I have with PA is that it issues unnecessary
warnings too often, like for every RSS update, lulling one into
potentially making a serious mistake at some point.
Bill
On Mar 1, 2006, at 6:58 PM, Chris Olson wrote:
> On Mar 1, 2006, at 8:34 PM, Bill Fox wrote:
>
>> Apple's Security Update 2006-001 issued today fixes this problem.
>
> I'm afraid it only partially fixes it. Launch Services will still
> start Terminal.app and run a bash shell script without a shebang
> line and path to the interpreter in the first line of the script
> without asking or without warning.
>
> Our demo exploit with a hidden trojan still works perfectly, post-
> update.
> --
> Chris
>
More information about the Titanium
mailing list