[X-Unix] Question about the latest security updates
William H. Magill
magill at mcgillsociety.org
Mon Jun 7 16:25:30 PDT 2004
On 07 Jun, 2004, at 18:23, RP McKay wrote:
>> From reading about the security hole with the help viewer recently,
>> it was
> originally mentioned that the (then) patch (applescripts) needed to be
> implemented for all languages installed on a system...
>
> Later with Apple's security update from 24/05 I ran lsbom and saw only
> an
> English change (at least on my system). I used:
>
> lsbom/Library/Receipts/SecUpd2004-05-24Pan.pkg/Contents/Resources/
> SecUpd2004
> -05-24Pan.bom
>
> Thought this was just me but later with the 07/06 update receipt bom I
> see
> all sorts of language changes in other files...
>
> Am I just showing my ignorance here or do I need to worry about the
> other
> language loopholes for the safari bit still?
Hard to say... see this thread on The Register
http://www.theregister.co.uk/2004/05/28/mac_bug_mishandled/
If you navigate to this site, it will test the exploit.
http://bronosky.com/pub/AppleScript.htm
Interestingly, when I first visited it earlier today, the exploit
worked. But right now, after having run Disk Utility/Repair permissions
(for a different problem I was working on), while it launches the Help
Viewer, the exploit is not working. (I've had 10.3.4 installed for
several days and had rebooted numerous times.)
T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
# XP1000 [Alpha EV6]
magill at mcgillsociety.org
magill at acm.org
magill at mac.com
More information about the X-Unix
mailing list