Unsanity releases free utility to fix Mac OS X ‘URL Schemes’ vulnerability

“A vulnerability in Apple’s Mac OS X results in a potential situation in which a malicious person could execute arbitrary commands on your machine, such as deleting your home directory, or doing other harmful actions. This vulnerability involves the use of URL ‘schemes.’ These are the part of a web address that specifies what program should be used to handle the address,” Unsanity’s website reads.

“Paranoid Android can protect you from this potential vulnerability until Apple makes an official fix available. It does this by watching the URL schemes that are requested and delaying them until you’ve had a chance to say whether you’d like to proceed or not. If you know that the url that’s being loaded is legit, go ahead, but if it looks suspicious, Paranoid Android gives you an opportunity to cancel it,” Unsanity writes. “Paranoid Android is completely free – we do this for the benefit of Mac community.”

More info and download link here.

MacDailyNews Note: Tried and tested by MDN, it works as advertised. If you want to use this until Apple’s issues a fix, it can’t hurt.

8 Comments

  1. I agree with MDN, highly recommended app! Best of all, it’s FREE, thanks Unsanity ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  2. One of the recommended fix schemes was to redirect the helper (using something like MisFox) to another application (the Chess app seemed the most popular target). Interestingly, that worked on my two machines running OS X v10.3.3, but the same scheme was blocked when I attempted to apply it to my iBook (running OS X v10.2.8) by a dialog that said Chess was not an appropriate helper application. What surprises me is that I haven’t seen any mention of this observation by anyone else.

  3. I would like to say to MacDailyNews, that these ‘Shoot The Criminal’ adverts, that they have placed in between the article and the comments, are a disgrace to the Mac community.

    1. These ‘promotional’ ads are used to gain personal information, that they use to spam you with in the future, through the deceptive means of convincing you that you have won something.

    2. You never get what it is you are supposed to have won, even after going through ‘All of the 101 necessary steps’ to complete it.

    3. It doesn’t work properly with Apple’s Safari, only M$ IE.

    4. Not a ‘proper’ advert for a Mac site. Period.

    MDN, what are you doing with these on your site?? Stand up and show advertisers and users alike that you hold a higher to the Mac, as all of the rest of us do. There is a reason for this.

  4. Aggravated… just refresh the screen a time or two and the offending advert will go away. MDN has to make their money to pay for the bandwidth some way and when advertisers want to throw money at a site that is getting eyeballs, and those eyeballs aren’t paying a SINGLE Dime, Euro, or whatever to begin with, then I say MDN can have any advertisers they want. I’ll just refresh the screen and let the annoying advert migrate off the page. Simple as that. Until MDN offers a paid version of the site that is void of adverts (probably not something I would be interested in, but apparently you may), then we readers have absolutely no say in what adverts appear, except to navigate to another site and let readership dry up. Braying about it in the comments section will likely only get you a big bronx cheer at best.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.