From: Mikael Hansen (mikaelh@uclink4.berkeley.edu)
Date: Tue Jun 12 2001 - 12:55:29 PDT
At 12:10 PM -0700 6/12/01, Aron Roberts wrote:
>Why is this of significance?
>----------------------------
>To my knowledge, this is the first widely-reported attack on
>Macintosh computers based on an AppleScript script.
If I have read the web buzzing correctly, the Simpsons virus is an
AppleScript run-only application and is therefore as such to the user
really no different from an application written in C. I don't believe
this situation is about running script source on-the-fly, which would
require some sort of script compiler mechanism, e.g. the user
pressing the Run button in Script Editor or another application that
would do it automatically.
I think it's good to have AppleScript as a part of the Mac OS and
good that an AppleScript can be written in a matter of minutes. I
think it's bad though when you have e-mail client software that
becomes less secure, if it lets lots of HTML things happen on-the-fly
without the user being much aware of it, by implementing
functionality without adequate respect for vulnerability.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://mac.berkeley.edu/help/magnet/>.
This archive was generated by hypermail 2b29 : Tue Jun 12 2001 - 13:22:17 PDT