To sum it up:

* MacOS automatically registers an application as the default handler for any custom URL schemes it declares, as soon as the app is downloaded (this happens automatically when the app hits the hard drive)
* Such custom URL schemes linked to a malicious app may be opened via JavaScript automatically on a webpage, leading to the app's execution by the system
* The system asks for permission to launch the app the first time. The name of the app as displayed in the permission box is app-controlled, so it can spoof its identity or use a cute name with emojis to make it less suspicious (as per the article)
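A defender-side check for the behaviour summarized in the comment above, as an added example that is not part of the thread or the article: it reads an app bundle's `Info.plist` and reports the URL schemes it declares, plus whether its bundle name contains non-ASCII characters such as emoji. The sample plist is constructed, and the function names and the `BUILTIN_SCHEMES` list are assumptions made for illustration.

```python
import plistlib
from pathlib import Path

# Constructed sample Info.plist (not taken from any real app).
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.viewer",
    "CFBundleName": "Preview \U0001F600",
    "CFBundleURLTypes": [
        {"CFBundleURLName": "Example",
         "CFBundleURLSchemes": ["examplescheme", "HTTP"]},
        {"CFBundleURLName": "NoSchemes"},  # entry without a scheme list
    ],
})

# Hypothetical short list of well-known schemes, for triage only.
BUILTIN_SCHEMES = {"http", "https", "file", "mailto", "ftp"}

def audit_plist(data: bytes) -> dict:
    """Summarize the URL schemes and display name declared by one Info.plist."""
    info = plistlib.loads(data)
    schemes = set()
    for url_type in info.get("CFBundleURLTypes") or []:
        if not isinstance(url_type, dict):
            continue
        for scheme in url_type.get("CFBundleURLSchemes") or []:
            if isinstance(scheme, str):
                schemes.add(scheme.lower())  # URL schemes are case-insensitive
    name = str(info.get("CFBundleDisplayName") or info.get("CFBundleName") or "")
    return {
        "bundle_id": info.get("CFBundleIdentifier", ""),
        "name": name,
        "custom_schemes": sorted(schemes - BUILTIN_SCHEMES),
        "claims_builtin": sorted(schemes & BUILTIN_SCHEMES),
        "non_ascii_name": not name.isascii(),  # emoji or look-alike characters
    }

def audit_directory(root: Path) -> list:
    """Report every .app bundle under root that declares at least one URL scheme."""
    reports = []
    for plist in root.rglob("*.app/Contents/Info.plist"):
        try:
            report = audit_plist(plist.read_bytes())
        except Exception:  # unreadable or malformed plist: skip it
            continue
        if report["custom_schemes"] or report["claims_builtin"]:
            report["path"] = str(plist.parent.parent)
            reports.append(report)
    return reports

if __name__ == "__main__":
    print(audit_plist(SAMPLE_PLIST))
```

Pointing `audit_directory` at a download folder lists bundles that would be candidates for scheme registration once they are on disk.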
This is a serious issue in Mac OS X but I don’t see how it ties in with the ‘use Google Chrome if you want to be secure’ spiel. ‘Don’t open untrusted archives if you want to be secure’ would be better, if impractical, advice.
Great research, it's important that macOS security gets some attention as people are lulled too much into a false sense of security nowadays. Also check out the tools on his site. They're great. Always running BlockBlock, this helps a lot.
Somewhat related: I got a weird bug on my web page where some links open a new tab and navigate to a seemingly random page from the browser history. But there doesn't seem to be anywhere to report the bug, and it has existed for over a year.
> And if you're a Mac user concerned about security, use Google Chrome

and surrender your privacy to Google, have no functioning private browsing, etc. Makes me rethink the Objective-See tools.
> If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it's wise to automatically open "safe" files. This fact is paramount

This hasn't been true for a long time; the automatically open 'safe' files option has been turned off by default for years now.

Though the option should be removed altogether, really.