A letter came in this morning:
Help! I read about some sort of major security hole where people can exploit the Safari help system and drop junk onto my computer? What’s that all about? How can I avoid it being a danger on my computer?
The problem here is that like all Web browsers, Apple’s Safari browser associates different applications with different protocols. Go to a ‘http:’ URL and it’ll act differently than if you go to a ‘mailto’ URL, for example.
In this case, it appears that the Help Viewer with Mac OS X has some unexpected vulnerabilities that some delinquent hackers have realized can be exploited to get onto your computer if you’re running Mac OS X. Obviously not good.
To fix this you need to associate a different application with the “help:” protocol in Safari. Unfortunately, Safari doesn’t let you tweak these so-called protocol helpers so you either need to swoop into the XML preferences file and edit by hand (not recommended!) or install a nice – free – application called MoreInternet from MonkeyFood.com. Install that, then start it from the Apple -> System Preferences menu. Then it’s a breeze; find the “help” protocol and either just delete it (that’s what I did) or associate it with an application other than the Help Viewer (try “Chess” for something amusing).
That should solve the problem until Apple comes up with a more logical fix, like a version of Help Viewer that doesn’t have this vulnerability!
