ME and Ophelia
Friday, May 21, 2004
- - -
MAC OS X HIGHLY CRITICAL SECURITY FLAW:
What to do
Following on from my previous post, American blogger and techie extraordinaire Jim O'Connell, at Wirefarm in Tokyo, says "if you use a Mac, please read this. There is a serious vulnerability in OS X right now that will let a web page or email do bad stuff to your files. It could delete any file that you, as a user, have permission to delete."
- - -
Note, Of course, I can't understand a word of it and have never heard of Telnet. I'll try following the instructions again, after posting this. I may need to take a short blogging break to sort this out and, while I'm at it, get Symantec's anti virus protection (is that the best for a Mac, does any reader know?) installed on my new PowerBook G4. I hope other Mac users take the time out to do same.
- - -
Update: Thanks to Liz Lawley for posting these easy step instructions (I'll try them as soon as I've posted this):
"If, like me, you just want to know how to fix this fast (since Apple has apparently known about this since February and hasn’t fixed it, it wouldn’t be wise to wait for their patch), here’s the approach to use:
1. Download the freeware tool More Internet.
2. From the disk image, run “install prefpane,” which will put the MoreInternet preference panel into your System Preferences panel.
3. Open the MoreInternet panel, and select the help: protocol.
4. Change the application it launches from the Help Viewer (which has the script-running vulnerability) to something benign. (I used TextEdit.) I used Chess, which, unlike TextEdit, gives me a clear visual cue that a page tried to invoke the help: protocol.
5. Make sure it worked by going to the scary but harmless example.
In my comments, Jay Allen points out that you should repeat steps 3 and 4 for the disk: protocol, as well."
- - -
Update 11.05 am: I've carried out steps 1-4. If I'm not supposed to end up with the PICTURE of a chessboard when I click into step 5, please don't laugh at me - because that's what I've got. I couldn't work out step 4 and just clicked around, trying to find a way to insert the word Chess - like Liz did. I saw Chess (an application I think) somewhere and clicked onto it. All of a sudden "Chess" replaced the word "Help" in the list that step 4 brings up. Does any reader know if I've done it correctly? Can I now stop worrying about this security flaw? Do I still need to install Norton anti virus? Or is there something better to protect Macs? Any advice would be gratefully received. I cannot bear anymore computer related problems.
MAC OS X HIGHLY CRITICAL SECURITY FLAW:
What to do
Following on from my previous post, American blogger and techie extraordinaire Jim O'Connell, at Wirefarm in Tokyo, says "if you use a Mac, please read this. There is a serious vulnerability in OS X right now that will let a web page or email do bad stuff to your files. It could delete any file that you, as a user, have permission to delete."
- - -
Note, Of course, I can't understand a word of it and have never heard of Telnet. I'll try following the instructions again, after posting this. I may need to take a short blogging break to sort this out and, while I'm at it, get Symantec's anti virus protection (is that the best for a Mac, does any reader know?) installed on my new PowerBook G4. I hope other Mac users take the time out to do same.
- - -
Update: Thanks to Liz Lawley for posting these easy step instructions (I'll try them as soon as I've posted this):
"If, like me, you just want to know how to fix this fast (since Apple has apparently known about this since February and hasn’t fixed it, it wouldn’t be wise to wait for their patch), here’s the approach to use:
1. Download the freeware tool More Internet.
2. From the disk image, run “install prefpane,” which will put the MoreInternet preference panel into your System Preferences panel.
3. Open the MoreInternet panel, and select the help: protocol.
4. Change the application it launches from the Help Viewer (which has the script-running vulnerability) to something benign. (I used TextEdit.) I used Chess, which, unlike TextEdit, gives me a clear visual cue that a page tried to invoke the help: protocol.
5. Make sure it worked by going to the scary but harmless example.
In my comments, Jay Allen points out that you should repeat steps 3 and 4 for the disk: protocol, as well."
- - -
Update 11.05 am: I've carried out steps 1-4. If I'm not supposed to end up with the PICTURE of a chessboard when I click into step 5, please don't laugh at me - because that's what I've got. I couldn't work out step 4 and just clicked around, trying to find a way to insert the word Chess - like Liz did. I saw Chess (an application I think) somewhere and clicked onto it. All of a sudden "Chess" replaced the word "Help" in the list that step 4 brings up. Does any reader know if I've done it correctly? Can I now stop worrying about this security flaw? Do I still need to install Norton anti virus? Or is there something better to protect Macs? Any advice would be gratefully received. I cannot bear anymore computer related problems.