Origins of Mac OS X's runscript Security Hole

ahknight writes "codepoetry has an informative article about why there was a runscript command to begin with, where it came from, and how it's still used. A good read for people wondering why the command existed at all. Also, Daring Fireball has possibly the best solution so far with instructions on how to turn off the help and disk protocols entirely (much better than deleting random system components)." Update: 05/21 22:27 GMT by P :Daring Fireball also mentions an abuse of the telnet: handler that can overwrite any file you have write permissions to, and doesn't need a known path. There's also an applescript: handler, which I'd disable just for the heck of it, at this point ... Update: 05/21 22:36 GMT by P : Several readers note that Apple has just released Security Update 2004-05-24, which address the runscript problem, though apparently not the others.

Re:Opensource Linux vs. OS X security

[Gilmoure]

This one was first noticed back in February and duly reported to Apple. Three-four months isn't bad response time, to craft a script that would go in, turn off a couple of options in URL handling, right?

Switch

[Neillparatzo]

See, you guys should just buy a Mac. We don't have this sort of problem.

Re:As much as love to mock OS X

[fastgood]

Apple Computer on Friday issued an update to Mac OS X to address flaws
that security firms said could allow malicious code to be run on a Macintosh.

From the sounds of this NEWS.COM release, it sounded as if Apple blocked the ability to execute future Windows emulators...