All my menu items went away. Crappy. Been trying to get my stuff working. It's not happening.

Quote: Originally Posted by CharlesS This is not an ideal solution, but I whipped up a quick-and-dirty droplet for you. Dragging a file onto this droplet should remove any "Open…

Quote: Originally Posted by Hi I'm Ben All my menu items went away. Crappy. Been trying to get my stuff working. It's not happening. Do you have hacked version of Front Row …

Quote: Originally Posted by rickey939 Do you have hacked version of Front Row on your machine? If so, remove it. I opened the package in Pacifist and it does not update Bez…

Quote: Originally Posted by pastusza I opened the package in Pacifist and it does not update BezelServices.framework, which is what Front Row Enabler hacks. So I am at a loss a…

Quote: Originally Posted by rickey939 Do you have hacked version of Front Row on your machine? If so, remove it. I did, and I didn't. But I did get it working.

Quote: Originally Posted by Sophus I had the same. Reinstalling the combo update fixed it. Give it a try. I had an issue with my menu extras after I installed Photoshop Ele…

Quote: Originally Posted by Sophus I had the same. Reinstalling the combo update fixed it. Give it a try. I had an issue with my menu extras after I installed Photoshop Ele…

Holy fscking sh!t. http://www.rixstep.com/1/20060314,01.shtml I got it to work on my machine running 10.4.5 with Security Updates 2006-001 and 002. The method may or may not wor…

dp.

Quote: Originally Posted by alphasubzero949 Holy fscking sh!t. http://www.rixstep.com/1/20060314,01.shtml I don't feel like testing this POC (proof of concept for those won…

You're missing something. Although the file is read-only to you, its enclosing folder (/Library/Preferences) is still writable to you, which means you can pretty much override the …

Quote: Originally Posted by TETENAL What I don't understand is why Safari doesn't do the download validation when that setting is turned off. OK, it seems like I was wrong h…

Quote: Originally Posted by TETENAL OK, it seems like I was wrong here. Sorry. The download validation is done regardless. Oh, that's going to piss me off. They're treating…

Quote: Originally Posted by CharlesS You're missing something. Although the file is read-only to you, its enclosing folder (/Library/Preferences) is still writable to you, which…

Quote: Originally Posted by Person Man people will just click through it without reading it, and it won't be effective. Just like Paranoid Android.

Okay guys, the Rixstep POC was updated with new instructions. He also now has a tidbit about MasterPasswordHint, which I stumbled on while going through the plist on my own machin…

Quote: Originally Posted by alphasubzero949 Just like Paranoid Android. Exactly. This kind of hand-holding for people who are vulnerable to social engineering is not neede…

Quote: Originally Posted by alphasubzero949 Okay guys, the Rixstep POC was updated with new instructions. He also now has a tidbit about MasterPasswordHint, which I stumbled on…

Okay, here's why the POC will not work through the Finder. If you duplicate com.apple.loginwindow.plist through the Finder, you get a binary plist file (indicated by bplist00). A…

Just tried it, still no rooted.txt in my /Users/Shared. Moving the com.apple.loginwindow.plist file to /var/root/Library/Preferences, though, does create the rooted.txt, even if t…

Quote: Originally Posted by alphasubzero949 It seems that if you're running 10.4.0 or 10.4.1, you're 'safe' (notwithstanding the widget exploit). To which widget exploit are…

Quote: Originally Posted by CharlesS Just tried it, still no rooted.txt in my /Users/Shared. Moving the com.apple.loginwindow.plist file to /var/root/Library/Preferences, thoug…

Now Alpha, you just described three complex steps required for this vulnerability. Could a malicious application really secretly do all of those things? Apple can only lock things …

Quote: Originally Posted by Big Mac Now Alpha, you just described three complex steps required for this vulnerability. Could a malicious application really secretly do all of th…