Malicious Web Pages Can Install Dashboard Widgets

bonch writes "If you're running Safari on OS X Tiger and go to this website, a 'slightly evil' Dashboard widget will be automatically downloaded and installed and can't be removed without manually removing the file from the Library folder and rebooting the computer. The widget is called Zaptastic and is a demonstration by the author of how easy it is to exploit Dashboard for nefarious purposes. The essay, released under the Creative Commons License, goes on to describe the many ways users can be taken advantage of--imagine porn sites auto-installing adware widgets without your knowledge." So if you're on a Mac, it would be smart to view that page with something other than Safari.

There is "K"arma

[Ilgaz]

Here, another proof ;)

Mac users, meh.

[GregoryD]

Windows 95/Internet Explorer here. No problem with installing anything on that page. When will all these Mac users learn?

Switch to Windows, its better, really.

/eat that self-rightous mac nerds, right back at ya! ttttttpppppbbbbbbbbttttt

Re:Serves you right

[EtherAlchemist]

Oh shit, you got me there!

*zing*

I tried to think of a witty remark, but the only one I could come up with at your grade level went something like:

It wasn't a rock, it was your mama.

Re:In soviet russia

[NutscrapeSucks]

I admit that as terrible evil MS Scum, I haven't got around to installing Tiger on my Powerbook yet.

But according to the story, the code automatically runs as soom as the user presses the Fkey or whatever to bring up the Dashboard. I also don't believe it's worse, but it is (depending on implemention details) potentially just as bad as ActiveX. If Apple missed something this obvious, how good is the rest of it?