Defending against the OS X help: vulnerability
There’s a nasty OS X vulnerability under discussion at the moment which lets a web page execute code on your machine by taking advantage of a flaw in the “help:” protocol. There’s a non-malicious demonstration of the exploit on this page, and Jay Allen is hosting a discussion on the exploit and ways to avoid it.
To save you from digging through the discussion, the quickest way to defend yourself is to install the More Internet preference pane (mount the DMG, then copy the More Internet.prefPane file to your /Library/PreferencePanes folder or run the “install prefpane” script). Then go to system preferences, launch the “More Internet” panel, select the “help” protocol and use the Change button to assign it to some non-harmful application such as Chess (simply deleting the protocols will not solve the problem). While you’re there it’s a good idea to add a new protocol called “disk” and assign it to a non-harmful application as well—this prevents malicious sites from being able to auto-mount networked disk images on your system, something which while not exploitable on its own can be used in conjunction with other exploits (like the help: one) to execute arbitrary code.
For those who are interested, it seems the exploit itself is as simple as this:
<a href="help:runscript=MacHelp.help/Contents/Resources/English.lproj/shrd/OpnApp.scpt string=usr:bin:top">click to run 'top'</a>
More recent articles
- Weeknotes: Parquet in Datasette Lite, various talks, more LLM hacking - 4th June 2023
- It's infuriatingly hard to understand how closed models train on their input - 4th June 2023
- ChatGPT should include inline tips - 30th May 2023
- Lawyer cites fake cases invented by ChatGPT, judge is not amused - 27th May 2023
- llm, ttok and strip-tags - CLI tools for working with ChatGPT and other LLMs - 18th May 2023
- Delimiters won't save you from prompt injection - 11th May 2023
- Weeknotes: sqlite-utils 3.31, download-esm, Python in a sandbox - 10th May 2023
- Leaked Google document: "We Have No Moat, And Neither Does OpenAI" - 4th May 2023
- Midjourney 5.1 - 4th May 2023
- Prompt injection explained, with video, slides, and a transcript - 2nd May 2023