Mac Hole Has Users, Hackers Abuzz
For all the crap MS takes over their security holes (much of it justified), I don't remember one this bad. This is a serious flaw.
The security hole stems from the way Mac OS X handles a pair of commonly used protocols: Help and Disk. When either protocol is invoked by a Web link, browsers launch the Help Viewer program or automatically mount a disk image.
Trouble is, the Help Viewer is set up to automatically run scripts. A Web link invokes the Help Viewer, which runs a script, executing a Unix command. A good example can be found here: Richard Bronosky's script (Mac OS X systems only) invokes Unix's "du" command, which harmlessly reports the contents of a hard drive in the Terminal Window. The script is easily adapted to erase the Home folder.
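A defensive check for the mechanism described above, as an added example that is not from the original post or the quoted article: it flags HTML whose URLs would hand off to the Help or Disk handler, the kind of test a mail or web-proxy filter could apply. The scheme spellings `help` and `disk`, the function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the "Help" and "Disk" protocols appear in links as these schemes.
RISKY_SCHEMES = {"help", "disk"}
URL_ATTRS = {"href", "src", "action", "data"}

def scheme_of(url):
    """Return the lowercased URL scheme, or "" for relative URLs."""
    # Standard URL parsing drops tab/CR/LF and leading whitespace, so
    # normalise first or "he\nlp:" would slip past a naive prefix match.
    cleaned = re.sub(r"[\t\r\n]", "", url).strip()
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""

class SchemeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, scheme)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            if name in URL_ATTRS and value:
                self._check(tag, name, value)
        # A meta refresh navigates with no click, so inspect its target too.
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)",
                          attrs.get("content") or "", re.I)
            if m:
                self._check(tag, "content", m.group(1))

    def _check(self, tag, attr, url):
        scheme = scheme_of(url)
        if scheme in RISKY_SCHEMES:
            self.findings.append((tag, attr, scheme))

def scan(html):
    scanner = SchemeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample input; targets are inert placeholders.
SAMPLE = """
<a href="https://example.com/docs">docs</a>
<a href="HELP:placeholder">manual</a>
<iframe src=" disk://example.invalid/image.dmg"></iframe>
<meta http-equiv="refresh" content="0; url=he&#10;lp:placeholder">
<a href="/help/disk-usage">local path, not a scheme</a>
"""
```

`scan(SAMPLE)` reports the anchor, the iframe and the meta refresh, and ignores the ordinary link and the relative path that merely contains the words "help" and "disk".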