Huge security hole in Internet Explorer for MacOS

nulltone

Retired Administrator

Join Date: Sep 2001

Posts: 683
- Share
- Tweet
#1

Huge security hole in Internet Explorer for MacOS

October 3, 2001, 07:50

Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them. " Well I guess thats one way to make Unix insecure. Can anyone actually confirm this since it looks kinda sketchy. I wonder what someone's rationale would be for that:"Oh this won't hurt anyone, and saving that extra 'OK' click will be great!".

Taken from slashdot.com
Tags: None
omega884

Member

Join Date: Oct 2001

Posts: 33
- Share
- Tweet
#2

October 25, 2001, 12:00

Solution

Alright, yeah it does look like a security hole, but it really isn't. What internet explorer does is when it downloads a BinHex document, it simply unencodes it into what ever it was supposed to be (usualy a stuffit archive) it does not execute the program contained within the document, therefore the only real exploitation of this would be to write the a virus that looks like a BinHex document to the computer, but executes like an app. Either way, such a file would be detrimental to all computers not just OS X ones.

As for fixing it, all it simply requires is to go into IE's preferences and turn off auto-unencode and auto un-stuff.

"If common sense is so common, why do so few people have it?"

"Reality is an illusion, albeit a persistant one."

LONG LIVE NEXTECH!

Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad! Mantras are bad!
Comment

Announcement

Huge security hole in Internet Explorer for MacOS

Huge security hole in Internet Explorer for MacOS

Comment