Mac OSX and Linux found vulnerable to URI flaws

Recently Microsoft announced that it would release necessary patches for a vulnerability related to the URI (uniform resource identifier) protocol handling technology. The problem lies in the way applications, such as Adobe Acrobat, are executed by browsers. Even though Microsoft's original stance was that the creators of applications in question should be held accountable for the issues, a few days ago they agreed that they should act as well. In later news, Windows might not be the only Operating system succeptible to the URI problem. A security researcher by the name of Nathan McFetters has found a potential way to exploit the vulnerability in Mac OS X and Linux as well.

These operating systems also use the URI protocol handling technology to open applications via browsers. One of the more popular of these protocols is mailto, an email client, but there are others as well, since any developer can register their program with the Operating system. This is a risky state: many of these applications are executed without checks on the way this is done and, of course, without proper security.

To further the issue, URIs don't necessarilly have to allow infection per se, but a badly registered one may lead to hackers gaining access to sensitive information, thus making it a serious threat to privacy.

Flaws in relation to URI have been found in other prominent programs as well, the list includes Microsoft Outlook 2000, Firefox 2.0.0.5, Picasa and, as mentioned before, some applications by Adobe.


Files
Software
Compare
Like us on Facebook