On Jan 24, 2014, at 9:02 PM, Kyle Sluder <k...@ksluder.com> wrote: >> On Jan 24, 2014, at 5:27 PM, Charles Srstka <cocoa...@charlessoft.com> wrote: >> >> Well, that's for a good reason, you see. If your app were able to change >> users' preferences, it might be able to... erm... take over... uh... file >> associations. >> >> Hrm. > > You don’t see that as a problem? > > Install SuperFunGame from the App Store. It associates itself with the > com.intuit.QuickBooks UTI. Next time you double-click your QuickBooks file in > Finder, SuperFunGame gets the `open` event, and takes the liberty of sending > home all your employees’ Social Security numbers before re-opening the file > in QuickBooks. > > Seem far-fetched? Well, the Internet Security 2003 malware for Windows does > the exact same thing, except for *all executables* on the system: > http://malwaretips.com/blogs/internet-security-2013-virus/ > > --Kyle Sluder
Of course it's a problem; I was being more than a little facetious there. If you read the thread, you'll see that we've been talking about a way to take over file associations that's so easy to do, you can do it by accident — even if sandboxed. I don't use QuickBooks, but given how horribly out of date certain other Intuit products tend to be on the Mac, I wouldn't be one bit surprised if it were registering its document types via extension instead of UTI, and even if it doesn't, there's probably some older version that some users have that does, or perhaps there's some other application on the hard drive that's using filename extensions somewhere that's also in charge of some data you wouldn't want to leak out. All HappyFunGame has to do is register for a UTI for that type (defining one if it doesn't already exist for that extension) and LaunchServices will go "Oh, LegitApp registers for the extension, HappyFunGame registers for the UTI — better give it to HappyFunGame!" The thing that's disturbing is that you can do this; the thing that's irritating is that if you do this accidentally, you're prevented from undoing it by the very mechanism that was supposed to stop you from doing it in the first place. Charles _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
