Prevention at a Glance

[Update, June 7: I’ve modified the instructions on this page considerably in the wake of Security Update 2004-06-07, which closes all of the known vulnerabilities. The instructions on this page are current and up-to-date. If you’d like to see the last revision of this document prior to today’s update, click here.]

In a nutshell, here is my advice for how to close the various URI-related vulnerabilities in Mac OS X. For more details, see my previous articles:

This page is intended to serve as a consolidated, comprehensive, and to-the-point list of instructions for closing all known URI-related vulnerabilities affecting Mac OS X. If new information or exploits are identified, I plan to revise this document in-place.

  1. If you haven’t done so already, install Security Update 2004-05-24. This fixes the Help Viewer ‘help:runscript’ vulnerability.

  2. If you’re running Panther, upgrade to version 10.3.4 using Software Update. 10.3.4 contains an updated version of Terminal which closed the ‘telnet’ vulnerability.

    (If you’re running Jaguar, the ‘telnet’ vulnerability was closed in Software Update 2004-05-24.)

  3. Install Security Update 2004-06-07. This update closes all known remaining vulnerabilities. See Apple’s Knowledge Base article for details of how they’ve closed the URI/Launch Services vulnerabilities.

If you follow these three steps, my testing indicates that you’ll be protected from all of the vulnerabilities publicized in the last month. (Note to Jaguar users: you must upgrade to 10.2.8 in order to install Apple’s recent security updates. This is a free update; all previous versions of Jaguar, 10.2.0 - 10.2.7, will remain vulnerable to these exploits. 10.2.8 is the only version of Jaguar that is supported by Apple.)

To be cautious, you might still want to turn off Safari’s “Open ‘safe’ files after downloading” preference (or keep it turned off if you unchecked it a few weeks ago, when these problems surfaced). Although there are no remaining vulnerabilities I’m aware of that can be abused using this preference, I think it’s unwise to think there exists such a thing as a “safe file” that can be opened automatically after downloading it.

Frequently Asked Questions

  • What if I followed your previous instructions, and used RCDefaultApp to disable URI protocols such as ‘afp’, ‘disk’, and ‘disks’? Do I need to re-enable these?

    Security Update 2004-06-07 removed the ‘disk’ and ‘disks’ protocols from your Launch Services database. These protocols are no longer handled automatically by DiskImageMounter, thus, you no longer need to worry about them.

    As for ‘ftp’ and ‘afp’, you can now safely re-assign these URIs to the Finder if you want. However, I still think a dedicated FTP application (such as Interarchy or Transmit) is a better choice for FTP. If you don’t know for a fact that you need ‘afp’ URIs, you almost certainly don’t need to worry about them.

  • What’s the best resource with innocuous example exploits using these techniques?

    http://test.doit.wisc.edu/ has example exploits for downloaded zip archives and disk images, and for the ‘afp’, ‘disk’, and ‘ftp’ protocols.

    My testing, on three separate Macs, indicates that by following the above instructions, all of these example exploits have been closed.