The Safari Shell Script Execution Exploit

Daring Fireball: “The file name extension in this case is a lie. The file is not, in fact, a JPEG image. It’s a shell script. And so when it is ‘opened,’ it’s opened by Terminal because of the ‘usro’ resource, and the shell script is run.”

22 Feb 2006

Archive

© 1995-2014 Ranchero Software, LLC