Keep your data private! Install Clario for mobile and desktop.
Try NowAd
Don`t go there GURLfriend!
Don`t go there GURLfriend!
1.1
4.8
0.0
HomeAntivirusDon`t go there GURLfriend!
Don`t go there GURLfriend! free download for Mac

Don`t go there GURLfriend! for Mac1.1

19 May 2004

Fixes the help:// Safari exploit.

What is Don`t go there GURLfriend! for Mac

Don't go there GURLfriend! fixes the help:// exploit in Safari which can allow for remote code execution.

What's new in Don`t go there GURLfriend!

Version 1.1:
  • Patches more occurances of the exploit, making it virtually impossible to use the OpenApp help:// expoit.
  • Now, as an extra security measure, patching will also disable Safari's automatic opening of "Safe" files. The user can turn this potentially dangerous feature back on in the Safari Preferences.
Try our new feature and write a detailed review about Don`t go there GURLfriend!. All reviews will be posted soon.
Write your thoughts in our old-fashioned comment
MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
0.0
(0 Reviews of )
There are no reviews yet
Regular-Warren
Regular-Warren
Aug 14 2012
1.1
0.0
Aug 14 2012
0.0
Version: 1.1
"Don't Go there GURLfriend." Hahaha. 2004 was a magical time for Mac software.
Guest
Guest
May 21 2004
1.1
4.8
May 21 2004
4.8
Version: 1.1
Now that apple's released a fix themselves, everyone just click restore at some point, and everything will be as it was. It was a fun ride, and I'm glad to have helped anyone DGTGF helped. Apple's patch seems to be great.
Guest
Guest
May 20 2004
1.1
4.8
May 20 2004
4.8
Version: 1.1
(via MacInTouch.com) The simplest fix for the Help system code execution vulnerability is to run the following in Terminal: sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no' This does not stop disk images from downloading but any malicious payload cannot run without user intervention.
Guest
Guest
May 19 2004
1.1
4.8
May 19 2004
4.8
Version: 1.1
Hopefully Apple will fix this properly instead of just patching this particular case, by separating the internet type/resource bindings completely away from launchservices.
Guest
Guest
May 19 2004
1.1
4.8
May 19 2004
4.8
Version: 1.1
The only thing you need to do is: 1) Open up your moldy old copy of Explorer 5.2 2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever 3) Quit Explorer and go back to Safari (5/19/2004, Version: 1.1)
Guest
Guest
May 19 2004
1.0
4.8
May 19 2004
4.8
Version: 1.0
I woiuldn not be too complacent about using a Mozilla or other non aplle webkit based browser. I use Firefox as my main browser with the stock security settings. I visited here: http://bronosky.com/pub/AppleScript.htm ...and up popped the help app, followed by a terminal window executing a command I did not tell it to run. Do not assume you are safe unless you have checked to see that you are. Hopefully apple will fix this in a timely fashion before somone nasty decides to do something nasty.
Guest
Guest
May 19 2004
1.0
4.8
May 19 2004
4.8
Version: 1.0
Guys, Why don't people just use firefox and disable the helpers in the preferences - I went to the kerberos site mentioned above and all it launched was the help app, not kerberos. I believe that's a fix, no???
Guest
Guest
May 19 2004
1.0
4.8
May 19 2004
4.8
Version: 1.0
to see if you are vulnerable, go tho this url: http://tinyurl.com/2lwzk if Kerberos launches, you are vulnerable
Guest
Guest
May 19 2004
1.0
4.8
May 19 2004
4.8
Version: 1.0
I am looking at this Safari exploit as Mac users usually look at Windows users when struck with Virus. I use Firefox and am in now way affected by this. I'd recommend Firefox to ANYONE over Safari...best browser in any platform...period.
Guest
Guest
May 19 2004
1.0
4.8
May 19 2004
4.8
Version: 1.0
It does what it says. Read the comment below by the developer for extra security.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
This one only disables a part of the script that runs terminal commands. I wouldn't disable the entire help:// helper entirely, because help viewer and other apps do use it. I would STRONGLY recommend, in addition, unchecking Open "Safe" Files in Safari's preferences. If there's anything else you think this app should do, let me know
Guest
Guest
May 18 2004
1.0
0.0
May 18 2004
0.0
Version: 1.0
No, gostcoder, this is a very big deal. The problem is that you can also invoke shell commands. Most X users stay out of the shell and this is a bad thing. So when the 'sploit is run with the shell command: /bin/rm -Rf * Most users won't understand when a term window comes up, and in their name removes, recursively, all their stuff, wtf happened. The help:// uri can be masked by long URLs, hex coding, and other mischief. We should all take this seriously. And Apple SHOULD move their collective *sses.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Interesting. This is about as big a security issue as clicking file:///Applications/iTunes.app is a "security issue". Worst thing this "security hole" can do is open files already on your computer, such as you web browser and other benign files. So it can launch the program for you. Even if a website downloaded a file to your computer, the URL call to launch the file would need to contain the path to the user's downloads folder of which there is no way to obtain through remote means. Sounds rather like the MP3concept scare. Just more BS to push a product and freak users out. Nothing to see here people, go back to downloading games and going about your lives.
Guest
Guest
May 18 2004
1.0
0.0
May 18 2004
0.0
Version: 1.0
I have been warning people for months that Apple's increasing integration of Safari into the OS is a bad idea, and likely to lead to the same kinds of problems that Microsoft has been having in the past 5-10 years with Outlook- and IE- based exploits, and nobody listened. Well, here you have it. Apple: cut this out, make Safari just another application, get rid of most of the "convenience" helper apps and the automatic opening of "safe" documents, get rid of Internet Enabled Disk Images, remove FTP support from Finder, and make Safari responsible for its own FTP access. Otherwise you'll end up in the same swamp as Microsoft.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Thanks for the effort, but I disagree that modifying the one copy of OpnApp.scpt inside of Help Viewer fixes the problem. in Terminal... locate OpnApp.scpt | wc -l ...finds 97 copies of OpnApp.scpt on my system. And I custom-installed Mac OS X with only 3 or 4 of the international languages. If you installed all 15 (the default), you have hundreds more. In predictable locations. And let's not limit ourselves to OpnApp.scpt, we can run any script on your machine. If you clicked on this in your WebKit-enabled page-renderer (e.g. Safari), you would run the Current Date & Time script: help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt Maybe the scripts on your machine are mostly harmless. Then instead we could run one which is delivered to you on a tiny disk image from a web page, which Safari was nice enough to open automatically. Now since we know its path as well, the next link you could click on that webpage could be... help:runscript=/Volumes/DownloadMe/LetsWipeYourDriveHaHa.scpt This exploit requires a more thorough solution that altering a single instance of OpnApp.scpt. Until Apple has a real fix for this, strongly consider redirecting the help: protocol on your machine with a tool like Misfox or Default Apps Preference Pane away from the Help Viewer to an app that won't try to run these scripts. Chess, perhaps. More info: http://forums.macnn.com/showthread.php?s=119f7044429bb4d5788ef6323f4f4e6d&threadid=213043&perpage=50&pagenumber=1
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Actually this has little to do with the "Help Viewer" and is almost entirely a problem of the "OpnApp.scpt" script, which you can find by Cmd clicking on this link: file:///Library/Documentation/Help/MacHelp.help/Contents/Resources/English.lproj/shrd/ (Sorry for being "English" centric). The easyest way to fix this is by re-naming the "OpnApp.scpt" to sat something like "(dont)OpnApp.scpt. That way when Apple releases a fix you will not looses the functionality. If you do not want this functionality just delete it. You should how ever make sure what ever you do you do it to ALL the languages that are included in the "MacHelp.help" package. After you "dump" the "OpnApp" script it may still open the Help Viewer but no script will run. BTW you could also just dump the Help Viewer if your a Mac GOD and never use it. :-)
Sherlock42
Sherlock42
May 18 2004
1.0
0.0
May 18 2004
0.0
Version: 1.0
For an alternate way of fixing this vulnerability, get the "More Internet" preference pane (from elsewhere on MacUpdate), and use it to associate the "help:" protocol with a text editor, such as SubEthaEdit. That defuses the exploit in question.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Would the developer mind telling us what is being changed to fix this? I'm very hesitant to install thrid party fixes to my system without documentation. Whats to stop someone from releasing an app that fixes security issues with HTTP access by perminantly removing the personal web sharing, or "fixes" all Mac OS X bugs simply be deleting the Mac OS? Granted, the issue needs to be addressed, but I'd appreciate knowing exactly what this app changes on my system, what the effect of that change is, and if it is reversable without major trouble or system re-install.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Could somebody try this and confirm that it isn't malware? Also, I can confirm that the exploit works with the Firefox browser.
Wormwood
Wormwood
May 18 2004
1.0
0.0
May 18 2004
0.0
Version: 1.0
For the record, this issue doesn't effect just Safari. I've seen the Help Viewer get invoked by Netscape on OS 9 systems even. (Though the payload obviously fails on such systems...) This is actually an oversight (not really a "flaw" per se) in the design of the Internet Config system. Any web browser or 'Net client that honors the "help:" handler is going to be bit by this. This looks to be the first "serious" exploit that can harm OS X.
Guest
Guest
May 18 2004
1.0
4.8
May 18 2004
4.8
Version: 1.0
Haven't tried it, but you have to give kudos to the developer for creating this so quickly.
Free
4.8
0.0
App requirements: 
  • PPC 32
  • Mac OS X 10.1.5 or later
This app is no longer supported by it's developer. You can find similar apps here.

Downloaded & Installed 6,642 times

How would you rate Don`t go there GURLfriend!?
Similar apps
Be the first one to propose an app
similar to Don`t go there GURLfriend!.