If you missed out on the recent Mac security holes, you can find a fairly good, consolidated recap of the entire mess here.

Apple has patched the Safari/Help Viewer/Mac OS X (they have not really been clear on this one) and this article gets into the guts of the issue, it has to do with something called LaunchServices. There are a lot of links to read if you so desire, or you can just get the gist of the many different problems (its not just one) by reading this report.

There are a few things you can do if you are feeling terribly paranoid, you can use RCDefaultApp, Little Snitch, and Paranoid Android.

I realize there is a security risk here, but at what point does this all become irrelevant? Its just like that MP3Concept trojan, if you are going to use it for malicious means, why publish the blueprint? It still is nice to have a community that helps others patch holes even faster then Apple can stop the bleeding. I am glad for the knowledge shared in the Mac community, even if some of it comes over as FUD at times.

And as usual, the folks who post at Slashdot have a great sense of humor:

I've got to hand it to Apple...
"help:runscript=..."
No double-decode, unicode obfuscation, or CMD.EXE parms. Even the exploits are user-friendly!

The Joy of Tech comic is pretty funny too!

Originally posted at Breaking Windows.