Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

URL detection flaw causes OS X apps to crash

Marco Tabini | Feb. 5, 2013
Over the weekend, reports of a rather curious OS X bug were reported with a mixture of amusement and surprise. Affecting only recent versions of Mountain Lion--including, according to some reports, as-yet unreleased betas of the operating system--the bug manifests itself in the form of a crash every time you type File:/// (with an uppercase F) inside most standard text input controls like those you can find in a Web form or in text editors like TextEdit.

How bad is it?

The good news is that this bug is simply the result of an overzealous attempt at keeping your operating system secure: The crash occurs because the operating system incorrectly believes that a file URL that starts with an uppercase character is invalid and has somehow managed to slip through the regular data detection routines. Under normal circumstances, this would be a last-resort attempt at preventing bad data from making its way into an app and wreaking havoc; thus, the crash does not open the door to security vulnerabilities or create any significant attack vectors that could be used by would-be hackers.

The bad news is that this bug is very pervasive: It affects just about any app that makes use of data validators, and that includes... well, pretty much every major app you have running on your Mac, from the Finder to Safari. And, while your hard drive won't go up in smoke because of it, an untimely crash could easily lead to the loss of precious data--hardly the kind of user experience any of us would want.

Luckily, the problem is somewhat mitigated by the fact that most users are unlikely to use file URLs, and even those who do are much more likely to use the lowercase variant. Thus, despite all the publicity it's receiving, the bug's occurrence in real-life usage is probably fairly rare, which explains why it took so long for it to surface.

Ultimately, it's a fair bet that Apple will fix everything in an upcoming release of Mountain Lion; in the meantime, however, you can turn off the affected code by visiting the Language and Text pane in System Preferences; disabling both "Use symbol and text substitution" and "Correct spelling automatically" in the Text tab will prevent the bug from occurring, albeit at the cost of losing access to two useful operating system features.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.