Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple To Patch Dashboard Vulnerability

Posted by Zonk on from the spackle-makes-a-world-of-difference dept.

bonch writes "Apple has quickly patched a previously reported security hole that allows websites to auto-install potentially malicious widgets without prompting the user. The fix is one of over three dozen miscellanous fixes to be included in OS X 10.4.1, code-named 'Atlanta', and may appear by the end of the week. Users will now be prompted before a widget downloads to their hard drive."

2 of 99 comments (clear)

  1. Re:They should post an advisory by allgood2 · · Score: 4, Informative

    Apple's already warned users about the "run safe files" function before. The warning indicated that average users should turn the function off, unless you ONLY downloaded files from known, "safe" sites. I had thought that they had released an update that had switch the default in Safari to remove the check from the "open safe files" box, but either Tiger changed that, or I was wrong.

  2. Re:If we were a Mac house... by remahl · · Score: 4, Informative
    when run in Dashboard they have all the same capabilities as local apps and need to be treated like any other applications.

    They don't actually. They only get complete system access after the user has acknowledged that the widget is being run for the first time.