Dear fanboys, I would like to emphasize the presence of the word "may" in the title.
Microsoft Corporation recently announced plans to release a patch to reduce the risk of a new kind of Web-based security vulnerability, but security researchers say that other operating systems are probably at risk too. Nathan McFeters, a security researcher with Ernst & Young Global Limited, is one of the researchers who has been studying the problem most closely. He hopes to present more details on how Linux and Mac OS X may also be susceptible to what are known as Uniform Resource Identifier (URI) protocol handler flaws at the Toorcon hacking conference, being held next week in San Diego. Although McFeters admitted he had not yet found a way to run unauthorized code on Unix-based operating systems, he and his fellow researchers have discovered a number of issues that looked like they could be grounds for further research.
The problem McFeters and others have been researching over the past few months has to do with the URI protocol handling technology, used to launch programs from within Web browsers. Because any software developer can register their own application with the operating system, programs can be effectively launched within the browser without proper checks on the way they are being executed. Microsoft had originally said that it was up to software developers to make sure their programs check the links so that they don't include malicious code, but this week the software giant agreed to put some checks within the Windows operating system as well.
News source: PC World
16 Comments - Add comment