The crew over at MacSlash has posted a new vulnerability found within OS X. Also check out John Grubers explanation which covers this exploit in better detail.
While Apple released a patch that fixes the help URI exploit. Another exploit seems to have appeared. This time it's a telnet URI exploit that can be used to overwrite files you have write access to. According to John Gruber:
The problem is with Mac OS X's default handling for 'telnet://' URIs is that it treats whatever follows the slashes as an argument to the telnet shell command. This includes the use of command-line option switches. telnet's "-n" switch can be used to specify a text file in which a log of the telnet session will be written. Thus, a URI such as:
telnet://-nFoo
Will create — or overwrite — a file named "foo" in your home folder. This file is empty, and it isn't executed, but the fact that it will overwrite an existing file with the same name is some serious damage.
View: John Gruber Explanation
News source: MacSlash
-1 Comments - Add comment