MacUpdate
Join MacUpdate
New Member

New Developer
Explore
MacUpdate Desktop
Hot Apps

Business
Dashboard
Development
Drivers
Education
MacUpdate Promo
Popular Apps

Games
Home & Personal
Internet
Multimedia & Design
Utilities
iPhone
Apps
Login
Member Login

Developer Login
About
Search Mac Apps

Search iPhone Apps

Advanced Search
Don`t go there GURLfriend!
Don`t go there GURLfriend! 1.1
Your rating: Now say why...

(2) 4.75

Fixes the help:// Safari exploit.   Free
Add to my Watch List
Email me when discounted
  • Download Now
    153 KB
  • Visit Developer's Site
    Isophonic Software
Don't go there GURLfriend! fixes the help:// exploit in Safari which can allow for remote code execution.
What's New
Version 1.1:
  • Patches more occurances of the exploit, making it virtually impossible to use the OpenApp help:// expoit.
  • Now, as an extra security measure, patching will also disable Safari's automatic opening of "Safe" files. The user can turn this potentially dangerous feature back on in the Safari Preferences.
Requirements
PPC, Mac OS X 10.1 or later.






    Be the first to recommend a similar software title.
Don`t go there GUR... User Discussion (Write a Review)
ver. 1.x:
(2)
Your rating: Now say why...
Overall:
(2)

sort: smiles | time
burypromote


Anonymous reviewed on 21 May 2004
Now that apple's released a fix themselves, everyone just click restore at some point, and everything will be as it was. It was a fun ride, and I'm glad to have helped anyone DGTGF helped. Apple's patch seems to be great.
[Version 1.1]


burypromote


Anonymous reviewed on 20 May 2004
(via MacInTouch.com)
The simplest fix for the Help system code execution vulnerability is to run the following in Terminal:

sudo defaults write /System/Library/CoreServices/Help Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no'

This does not stop disk images from downloading but any malicious payload cannot run without user intervention.
[Version 1.1]


burypromote


Anonymous reviewed on 19 May 2004
Hopefully Apple will fix this properly instead of just patching this particular case, by separating the internet type/resource bindings completely away from launchservices.
[Version 1.1]


burypromote


Anonymous reviewed on 19 May 2004
The only thing you need to do is:

1) Open up your moldy old copy of Explorer 5.2
2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever
3) Quit Explorer and go back to Safari
(5/19/2004, Version: 1.1)
[Version 1.1]


burypromote


Anonymous reviewed on 19 May 2004
I woiuldn not be too complacent about using a Mozilla or other non aplle webkit based browser. I use Firefox as my main browser with the stock security settings.

I visited here:

http://bronosky.com/pub/AppleScript.htm

...and up popped the help app, followed by a terminal window executing a command I did not tell it to run.

Do not assume you are safe unless you have checked to see that you are.

Hopefully apple will fix this in a timely fashion before somone nasty decides to do something nasty.
[Version 1.0]

1 Reply

burypromote

Anonymous commented on 19 May 2004
The only thing you need to do is:

1) Open up your moldy old copy of Explorer 5.2
2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever
3) Quit Explorer and go back to Safari
burypromote


Anonymous reviewed on 19 May 2004
Guys,

Why don't people just use firefox and disable the helpers in the preferences - I went to the kerberos site mentioned above and all it launched was the help app, not kerberos. I believe that's a fix, no???
[Version 1.0]


burypromote


Anonymous reviewed on 19 May 2004
to see if you are vulnerable, go tho this url:
http://tinyurl.com/2lwzk
if Kerberos launches, you are vulnerable
[Version 1.0]


burypromote


Anonymous reviewed on 18 May 2004
I am looking at this Safari exploit as Mac users usually look at Windows users when struck with Virus. I use Firefox and am in now way affected by this. I'd recommend Firefox to ANYONE over Safari...best browser in any platform...period.
[Version 1.0]

2 Replies

burypromote

Anonymous commented on 19 May 2004
Hey moron - it's fundamental to the Mac OS. Safari, IE, Camino, Firefox, Opera, the works!
burypromote

Anonymous commented on 19 May 2004
Firefox is admittedly a nice browser, but it runs a little slow, at least on my 800MHz iBook.

The latest installment of Camino (0.8b) runs nice and fast.
burypromote


Anonymous reviewed on 18 May 2004
It does what it says. Read the comment below by the developer for extra security.
[Version 1.0]


burypromote


Anonymous reviewed on 18 May 2004
This one only disables a part of the script that runs terminal commands. I wouldn't disable the entire help:// helper entirely, because help viewer and other apps do use it.

I would STRONGLY recommend, in addition, unchecking Open "Safe" Files in Safari's preferences.

If there's anything else you think this app should do, let me know
[Version 1.0]


There are currently no troubleshooting comments. If you are experiencing a problem with this app, please post a comment.

There are currently no ratings. Write a comment or review now.

Downloads:6,587
Version Downloads:2,752
Type:Utilities : Virus
License:Free
Date:19 May 2004
Platform:PPC
Price:Free0.00
Overall (Version 1.x):
Features:
Ease of Use:
Value:
Stability:
Displaying 1-10 of 18
< 1 2 >
-
-
-
Please login or create a new
MacUpdate Member account
to use this feature
Watch Lists are available to
MacUpdate Desktop Members
Upgrade Now
Download and auto-install
using MacUpdate Desktop. Save
time moving folders and cleaning-up.
Don't go there GURLfriend! fixes the help:// exploit in Safari which can allow for remote code execution.
Add/Update Listing About MacUpdate Desktop Career Opportunities RSS Twitter Facebook Advertise Sitemap
Copyright © 2012 MacUpdate LLC


- -