Apple Safari file:// Arbitrary Code Execution

Posted by deepcore on October 17, 2011 – 4:58 pm

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]

More:
Apple Safari file:// Arbitrary Code Execution

Tags: apple-safari, user, victim
This post is under “Apple, exploit, OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Flying Sandals and Bollywood Bombs – Little India http://www.trat.go.th/tmp/ash.html »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Apple Safari file:// Arbitrary Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL