Saturday, May 21, 2005

Apple Patches Widget Malware Hole in Tiger

By Ian Betteridge
“Apple Computer Inc. has quietly patched several security holes in Mac OS X 10.4, also known as "Tiger," including one that allows potentially malicious widgets to be downloaded and installed into Dashboard.

The security patches were released as part of an OS X 10.4.1 update earlier this week, but the company has only just released details of them. The update patches four security holes, the most well-known of which is the problem where widgets—small applications working in the software's Dashboard system—could be downloaded and installed without any specific user confirmation. Under 10.4.1, automatic installation of Widgets is blocked, and users must specifically approve the installation of each Widget.

Although several Web pages appeared that demonstrated how widgets could be installed without user intervention, there have been no reports of malicious widgets being found in the wild. However, because widgets can execute code—including shell scripts—outside the Dashboard environment, the ability for widgets to be downloaded and installed simply by clicking on a Web link looked like a potential route for malware on the platform.”

http://techrepublic.com.com/2100-10595_11-5700982.html
http://concat.blogspot.com/2005/05/mac-malware-door-creaks-open.html

http://www.eweek.com/article2/0,1759,1818272,00.asp