new exploit in Mac's OSX Tiger, regarding dashboard

Originally posted by: halik
Originally posted by: iamme
http://www.wired.com/news/mac/0,2125,67484,00.html?tw=wn_tophead_2

I don't really follow this area, is this a serious problem?

about as serious as clicking on an exe file link and selecting "always run" ... not a clever idea, but not too crucial

... For the convenience of users, most widgets automatically install themselves.

... Dashboard allows any user with basic skills in HTML or JavaScript to build their own widgets.

... Further, there is no immediate way to delete a widget that has been installed.

... Widgets can be removed manually by deleting them from a user's /Library/Widgets/ folder. But that's something many novice Tiger owners may not know how to do.

... warning: following the link in Safari automatically downloads Zaptastic.wdgt

I'd say that giving anyone with HTML/JS skill the ability to transparently load code on your system is a big flaw.

*goes to write PwnZYourMac.wdgt code*

- M4H