If you browse the internet (since you read this, that means you), watch out for the latest OS X exploit. It seems to only be a problem in Panther. The help: protocol can be abused to launch AppleScripts. Why is this bad? Terminal commands can be called from AppleScript. In other words, simply visiting a web page can do serious damage. A proof of concept (harmless, but scary) is located here. What can you do? Download an application like More Internet or GURLfriend and remap the help protocol. If you have any tips, please leave a comment.

Update: NetNewsWire might also be affected, though it is rare that you would subscribe to a feed that wants to erase your hard drive.




Note: We have not yet seen this exploit used in the field to cause damage, but you should still take the matter seriously, especially if you frequent web pages that you have not been to before or that are not run by responsible publishers.
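For anyone filtering web or feed content before it reaches a browser or newsreader, here is an added example (not part of the original post) that flags markup pointing at the help: scheme. The attribute list, the function names and the `help:placeholder` sample values are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: attributes that can carry a URL; extend for your own content.
URL_ATTRS = {"href", "src", "action", "data", "background"}
BLOCKED_SCHEMES = {"help"}  # the scheme this post warns about

def scheme_of(url):
    """Return the lowercased URL scheme, or None when the value has none."""
    # URL parsers drop tabs/newlines and surrounding whitespace first,
    # so do the same before looking for "scheme:".
    cleaned = re.sub(r"[\t\r\n]", "", url).strip()
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

class SchemeScanner(HTMLParser):
    """Collects (line, tag, attribute, value) for every blocked-scheme URL."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser has already decoded entities such as &#108; here.
        attrs = {k: (v or "") for k, v in attrs}
        candidates = [(k, v) for k, v in attrs.items() if k in URL_ATTRS]
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            # Redirect target lives inside content="0; url=..."
            m = re.search(r"url\s*=\s*['\"]?(.*)", attrs.get("content", ""),
                          re.I | re.S)
            if m:
                candidates.append(("content", m.group(1)))
        for name, value in candidates:
            if scheme_of(value) in BLOCKED_SCHEMES:
                self.findings.append((self.getpos()[0], tag, name, value))

def scan(markup):
    parser = SchemeScanner()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample input; the help: targets are inert placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=HELP:placeholder">
</head><body>
<a href="https://example.com/help:me">ordinary link</a>
<iframe src="he&#108;p:placeholder"></iframe>
<a href=" h&#9;elp:placeholder">obfuscated</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, value in scan(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}> uses a blocked scheme")
```

The scanner only reports; stripping or rewriting the flagged elements is left to whatever proxy or feed sanitizer calls it.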