WARNING: HUGE Vulnerability in OS X Web Browsers! (and fix)

[WiseWeasel]

Or you can try the MisFox route for an equally good fix for this problem.

[dotpuppy]

Well I'm really bored tonight, so I put together a quick web page with pictures for how to fix this security hole with Misfox.

Maybe this will help someone:

http://dotpuppy.dyndns.org/HelpViewerFix/

[turdburglar]

I have just received a security update from apple but I dont know if this fixes the problem.

[g4cube]

To test it wouldnt you just try the test script to see if apple have fixed it or not?

[baturjan]

did it fix it???

[ykz]

did it fix it???

apple's last security update only fixed the Help Viewer issue.
Until Apple fixes the other open issues I use Paranoid Android.

[WiseWeasel]

There are no other open issues. The disk:// protocol is normal behavior, and is not a security hole. Simply mounting a disk image will not cause you to be compromised. You would need to actually execute whatever is on the disk image manually, and at that point, it could easily have been any archive format. This update from Apple fixes the remote execution exploit, and as far as I'm concerned, there's no more problem. Disk images can auto-mount all they want, and it won't do a thing, unless I run untrusted content from that disk image, and then, I got what I deserved, especially if it was a <cough>beta</cough> of Microsoft Office from Gnutella or something. Glad there's finally a simple fix for the problem, for all the people who don't want to mess with MisFox and internet protocols.

[WiseWeasel]

I spoke too soon. Just saw the notice of the other exploits here:
http://www.unsanity.com/haxies/pa/whitepaper/
I fixed the problem with RCDefaultApp, and am pretty sure I'm no longer vulnerable. When it rains, it pours...