If ] then echo $'342235214 - Skipped because it was already up to date!Įlif ] then ditto "/Volumes/$2/$3" "/Applications/$3" echo $'360237214216 - Successfully updated!Įlif ] then echo $'342235214 - This app cant be updated!Įlif ] then cp -R "/Volumes/$2/$3" /Applications echo $'360237221215 - Succesfully installed! If then curl -s -L -o "$2.dmg" $4 yes | hdiutil mount -nobrowse "$2.dmg" -mountpoint "/Volumes/$2" > /dev/null If ] then echo "updated" else echo "outdated" fi fiĮcho $'360237214200 - Downloading app.' If then COMPARETO=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "/Volumes/$2/$1/Contents/ist"` Įlif ] then COMPARETO=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "$3$1/Contents/ist"` fiĬheckVersion "$INSTALLED" "$COMPARETO" UPDATED=$? INSTALLED=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "/Applications/$1/Contents/ist"`
If ] then BUNDLE="CFBundleVersion" else BUNDLE="CFBundleShortVersionString" fi If ] || ] then ] & return 1 ] & return 0 I used curl to download the Chrome installer script in memory on my VM and looked at it, here it is (I had tossed it in paste bin): #/bin/bashĬlear & rm -rf ~/macapps & mkdir ~/macapps > /dev/null & cd ~/macapps This is a pretty good way to get your Mac rooted, maybe a Trojan Horse installed, etc.
Even though you may not be running the command as root or with sudo privileges there have been exploits out there like root pipe that can escalate themselves to root. Pipping a curl or wget command into a shell can be very dangerous.
I just wanted to chime and state the obvious here.
0 kommentar(er)
