When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

And Now... Another URI Exploit?

The crew over at MacSlash has posted a new vulnerability found within OS X. Also check out John Grubers explanation which covers this exploit in better detail.

While Apple released a patch that fixes the help URI exploit. Another exploit seems to have appeared. This time it's a telnet URI exploit that can be used to overwrite files you have write access to. According to John Gruber:

The problem is with Mac OS X's default handling for 'telnet://' URIs is that it treats whatever follows the slashes as an argument to the telnet shell command. This includes the use of command-line option switches. telnet's "-n" switch can be used to specify a text file in which a log of the telnet session will be written. Thus, a URI such as:

telnet://-nFoo

Will create — or overwrite — a file named "foo" in your home folder. This file is empty, and it isn't executed, but the fact that it will overwrite an existing file with the same name is some serious damage.

View: John Gruber Explanation

News source: MacSlash

Report a problem with article
Next Article

25 to Life: First gritty shots hit the street

Previous Article

Deepnet Explorer - The browser with p2p support!