Don't go there GURLfriend! 1.1

19 May 2004

Fixes the help:// Safari exploit.

Overview

Don't go there GURLfriend! fixes the help:// exploit in Safari which can allow for remote code execution.

What's new in Don't go there GURLfriend!

Version 1.1:
  • Patches more occurrences of the exploit, making it virtually impossible to use the OpenApp help:// exploit.
  • Now, as an extra security measure, patching will also disable Safari's automatic opening of "Safe" files. The user can turn this potentially dangerous feature back on in the Safari Preferences.

19 Reviews of Don't go there GURLfriend!

4.75
Anonymous
18 May 2004
Version: 1.0

Most helpful

Haven't tried it, but you have to give kudos to the developer for creating this so quickly.
(0)
Regular-Warren
14 August 2012
Version: 1.1
"Don't Go there GURLfriend." Hahaha. 2004 was a magical time for Mac software.
(0)
Anonymous
21 May 2004
Version: 1.1
Now that Apple's released a fix themselves, everyone just click restore at some point, and everything will be as it was. It was a fun ride, and I'm glad to have helped anyone DGTGF helped. Apple's patch seems to be great.
(0)
Anonymous
20 May 2004
Version: 1.1
(via MacInTouch.com) The simplest fix for the Help system code execution vulnerability is to run the following in Terminal:
  sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no'
This does not stop disk images from downloading but any malicious payload cannot run without user intervention.
(0)
Anonymous
19 May 2004
Version: 1.1
Hopefully Apple will fix this properly instead of just patching this particular case, by separating the internet type/resource bindings completely away from launchservices.
(0)
Anonymous
19 May 2004
Version: 1.1
The only thing you need to do is:
1) Open up your moldy old copy of Explorer 5.2
2) Go to preferences->network->protocol helpers and change it to Finder or Chess or whatever
3) Quit Explorer and go back to Safari
(0)
Anonymous
19 May 2004
Version: 1.0
I would not be too complacent about using a Mozilla or other non-Apple WebKit-based browser. I use Firefox as my main browser with the stock security settings. I visited here: http://bronosky.com/pub/AppleScript.htm ...and up popped the help app, followed by a terminal window executing a command I did not tell it to run. Do not assume you are safe unless you have checked to see that you are. Hopefully Apple will fix this in a timely fashion before someone nasty decides to do something nasty.
(0)
Anonymous
19 May 2004
Version: 1.0
Guys, why don't people just use Firefox and disable the helpers in the preferences - I went to the kerberos site mentioned above and all it launched was the help app, not kerberos. I believe that's a fix, no???
(0)
Anonymous
19 May 2004
Version: 1.0
To see if you are vulnerable, go to this URL: http://tinyurl.com/2lwzk If Kerberos launches, you are vulnerable.
(0)
Anonymous
19 May 2004
Version: 1.0
I am looking at this Safari exploit as Mac users usually look at Windows users when struck with Virus. I use Firefox and am in no way affected by this. I'd recommend Firefox to ANYONE over Safari...best browser in any platform...period.
(0)
4.75
Anonymous
19 May 2004
Version: 1.0
It does what it says. Read the comment below by the developer for extra security.
(0)
Anonymous
18 May 2004
Version: 1.0
This one only disables a part of the script that runs terminal commands. I wouldn't disable the entire help:// helper entirely, because help viewer and other apps do use it. I would STRONGLY recommend, in addition, unchecking Open "Safe" Files in Safari's preferences. If there's anything else you think this app should do, let me know
(0)
leoofborg
18 May 2004
Version: 1.0
No, gostcoder, this is a very big deal. The problem is that you can also invoke shell commands. Most X users stay out of the shell and this is a bad thing. So when the 'sploit is run with the shell command: /bin/rm -Rf * Most users won't understand when a term window comes up, and in their name removes, recursively, all their stuff, wtf happened. The help:// uri can be masked by long URLs, hex coding, and other mischief. We should all take this seriously. And Apple SHOULD move their collective *sses.
(0)
Anonymous
18 May 2004
Version: 1.0
Interesting. This is about as big a security issue as clicking file:///Applications/iTunes.app is a "security issue". Worst thing this "security hole" can do is open files already on your computer, such as your web browser and other benign files. So it can launch the program for you. Even if a website downloaded a file to your computer, the URL call to launch the file would need to contain the path to the user's downloads folder of which there is no way to obtain through remote means. Sounds rather like the MP3concept scare. Just more BS to push a product and freak users out. Nothing to see here people, go back to downloading games and going about your lives.
(0)
Peter da Silva
18 May 2004
Version: 1.0
I have been warning people for months that Apple's increasing integration of Safari into the OS is a bad idea, and likely to lead to the same kinds of problems that Microsoft has been having in the past 5-10 years with Outlook- and IE- based exploits, and nobody listened. Well, here you have it. Apple: cut this out, make Safari just another application, get rid of most of the "convenience" helper apps and the automatic opening of "safe" documents, get rid of Internet Enabled Disk Images, remove FTP support from Finder, and make Safari responsible for its own FTP access. Otherwise you'll end up in the same swamp as Microsoft.
(0)
Anonymous
18 May 2004
Version: 1.0
Thanks for the effort, but I disagree that modifying the one copy of OpnApp.scpt inside of Help Viewer fixes the problem. In Terminal...
  locate OpnApp.scpt | wc -l
...finds 97 copies of OpnApp.scpt on my system. And I custom-installed Mac OS X with only 3 or 4 of the international languages. If you installed all 15 (the default), you have hundreds more. In predictable locations. And let's not limit ourselves to OpnApp.scpt, we can run any script on your machine. If you clicked on this in your WebKit-enabled page-renderer (e.g. Safari), you would run the Current Date & Time script:
  help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt
Maybe the scripts on your machine are mostly harmless. Then instead we could run one which is delivered to you on a tiny disk image from a web page, which Safari was nice enough to open automatically. Now since we know its path as well, the next link you could click on that webpage could be...
  help:runscript=/Volumes/DownloadMe/LetsWipeYourDriveHaHa.scpt
This exploit requires a more thorough solution than altering a single instance of OpnApp.scpt. Until Apple has a real fix for this, strongly consider redirecting the help: protocol on your machine with a tool like Misfox or Default Apps Preference Pane away from the Help Viewer to an app that won't try to run these scripts. Chess, perhaps. More info: http://forums.macnn.com/showthread.php?s=119f7044429bb4d5788ef6323f4f4e6d&threadid=213043&perpage=50&pagenumber=1
(0)
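Added example, not part of the review above or of the app itself: a defensive scanner that flags help:runscript links in saved HTML after decoding HTML entities and percent-encoding, and notes when the referenced script sits on a mounted volume. The sample page, script names and field names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# help:runscript=<path>, the form quoted in the review, in any letter case.
HELP_RUNSCRIPT = re.compile(r"help:/{0,2}\S*?runscript\s*=\s*(.+)", re.I)

def normalize(value, rounds=3):
    """Percent-decode until stable and drop tabs/newlines embedded in the URL."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\t\r\n]", "", value).strip()

class HelpLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, raw in attrs:  # HTMLParser has already decoded entities
            if not raw:
                continue
            clean = normalize(raw)
            match = HELP_RUNSCRIPT.search(clean)
            if match:
                script = match.group(1).strip()
                self.findings.append({
                    "tag": tag, "attr": name, "script": script,
                    "obfuscated": clean != raw.strip(),  # normalization changed it
                    "on_mounted_volume": script.lower().startswith("/volumes/"),
                })

def scan(html):
    scanner = HelpLinkScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; script names are placeholders.
SAMPLE_HTML = """
<a href="help:runscript=/Volumes/Example/Example.scpt">one</a>
<a href="&#104;elp:%72unscript=../../Scripts/Info%20Scripts/Example.scpt">two</a>
<meta http-equiv="refresh" content="0; url=HELP:runscript=Example.scpt">
<a href="https://example.com/help/runscript.html">harmless</a>
"""
if __name__ == "__main__":
    print(*scan(SAMPLE_HTML), sep="\n")
```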
Anonymous
18 May 2004
Version: 1.0
Actually this has little to do with the "Help Viewer" and is almost entirely a problem of the "OpnApp.scpt" script, which you can find by Cmd clicking on this link: file:///Library/Documentation/Help/MacHelp.help/Contents/Resources/English.lproj/shrd/ (Sorry for being "English" centric). The easiest way to fix this is by re-naming the "OpnApp.scpt" to, say, something like "(dont)OpnApp.scpt". That way when Apple releases a fix you will not lose the functionality. If you do not want this functionality just delete it. You should however make sure whatever you do you do it to ALL the languages that are included in the "MacHelp.help" package. After you "dump" the "OpnApp" script it may still open the Help Viewer but no script will run. BTW you could also just dump the Help Viewer if you're a Mac GOD and never use it. :-)
(0)
Anonymous
18 May 2004
Version: 1.0
Would the developer mind telling us what is being changed to fix this? I'm very hesitant to install third party fixes to my system without documentation. What's to stop someone from releasing an app that fixes security issues with HTTP access by permanently removing the personal web sharing, or "fixes" all Mac OS X bugs simply by deleting the Mac OS? Granted, the issue needs to be addressed, but I'd appreciate knowing exactly what this app changes on my system, what the effect of that change is, and if it is reversible without major trouble or system re-install.
(0)
Anonymous
18 May 2004
Version: 1.0
Could somebody try this and confirm that it isn't malware? Also, I can confirm that the exploit works with the Firefox browser.
(0)