Posts Tagged ‘vulnerability’

Mozilla blocks Microsoft’s Firefox plugin

October 19, 2009

Monday mornings are not known for amusing news, but today is different. I fired up Firefox on my work laptop and up popped a dialogue warning me that the Windows Presentation Foundation had been disabled.

The Windows Presentation Foundation plugin caused a stink earlier this year when it was installed into Firefox by a Microsoft update without the user's consent or knowledge. Uninstalling the plugin initially proved difficult (later resolved with another update), and last week Microsoft announced it contained a critical security vulnerability.

The block came into effect late Friday, but since I’m a Macintosh user at home I do not (yet) suffer intrusive Microsoft updates that install components without my permission.

Serious OSX Security Vulnerability

June 29, 2008

This one broke around a week ago but I’ve only just had the chance to try it out. And an OSX security flaw is big news, so no harm in spreading the cure. The advisory at Washingtonpost.com concerns the Apple Remote Desktop Agent, which runs as root and accepts AppleScript commands. Type the following into Terminal; you can copy and paste it and it works fine.

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

On my 10.5.3 installation this returns ‘root’, so the vulnerability can be used to do anything on the Mac. The following command will change the file access permissions of ARDAgent:

osascript -e 'tell app "ARDAgent" to do shell script "chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"';

Again, this can be copied and pasted into the terminal. Running the first command again should now return your username rather than ‘root’.
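A way to confirm the permission change from the file's mode bits instead of re-running the whoami test, as an added example that is not part of the original post. It assumes ARDAgent returns 'root' because its binary carries the setuid bit, which chmod 0555 clears; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Assumption: ARDAgent runs as
# root because its binary is setuid root; chmod 0555 clears that bit.
ARD_BIN="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# Classify a path: "missing", "setuid" or "no-setuid".
suid_status() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then      # -u is true when the setuid bit is set
        echo "setuid"
    else
        echo "no-setuid"
    fi
}

# Numeric owner uid, read from ls so it works on both macOS and Linux.
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Report on the binary. Returns 0 = bit clear, 1 = bit still set, 2 = missing.
audit_ardagent() {
    target="${1:-$ARD_BIN}"
    case "$(suid_status "$target")" in
        missing)
            echo "$target: not present"
            return 2 ;;
        setuid)
            echo "$target: setuid bit SET (owner uid $(owner_uid "$target")), fix not applied"
            return 1 ;;
        *)
            echo "$target: setuid bit clear, fix applied"
            return 0 ;;
    esac
}

# Audit the default path, or a path given as the first argument.
audit_ardagent "${1:-$ARD_BIN}" || true
```

A system update or a permissions repair may restore the original mode, so the check is worth repeating after either.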

Read the full article at Washingtonpost.com