Comment Re:Isn't every Classic Hole an OSX hole then. (Score 1) 20
But to me it doesn't really sound fair to call it an OSX error where the problem is in OS9.
Yes. "AutoStart" is the problem of QuickTime in OS 9 or the Classic Environment. But, in this vuln, OS X's browsers download a malicious compressed disk image in consequence of their bug, and OS X's StuffIt Expander extracts it and mounts it. Only the execution process needs QuickTime in OS 9 or Classic. And, executed malicious programs are finally treated as OS X's ones. So, for example, you can use AppleScript to execute a shell script ; :-)
You're a UNIX guy, so you don't need Classic. But please imagine that most Mac users need OS 9 or Classic.
I think the lesson is not only "don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences", but also that all browser vendors must make their products disable downloads without the user's agreement, and all Mac users need to think about the convenient initial settings of applications.
The excessive busybody of vendors induces vulnerabilities. It's not only a Windows problem :-).
Yes. "AutoStart" is the problem of QuickTime in OS 9 or the Classic Environment. But, in this vuln, OS X's browsers download a malicious compressed disk image in consequence of their bug, and OS X's StuffIt Expander extracts it and mounts it. Only the execution process needs QuickTime in OS 9 or Classic. And, executed malicious programs are finally treated as OS X's ones. So, for example, you can use AppleScript to execute a shell script ;
Of course, this is an extreme example.
do shell script "sudo rm -rf/"
You're a UNIX guy, so you don't need Classic. But please imagine that most Mac users need OS 9 or Classic.
I think the lesson is not only "don't ever have "CD-ROM AutoPlay" turned on in your QuickTime preferences", but also that all browser vendors must make their products disable downloads without the user's agreement, and all Mac users need to think about the convenient initial settings of applications.
The excessive busybody of vendors induces vulnerabilities. It's not only a Windows problem