Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Swordmaker

This widget exploit seems pretty serious. To sum up, Safari can be made to install widgets without prompting, the widget can make calls to the system, e.g. deleting your home directory, and you won't be warned that the widget contains code that makes system calls. And, there is no widget management or inspector utility. Seems like the same mistake that Microsoft made with tying the browser too closely with the OS. On the plus side I would imagine that it would be pretty easy to fix these vulnerabilities and would expect an update to be available soon.


42 posted on 05/09/2005 10:02:10 AM PDT by byset


To: byset
To sum up, Safari can be made to install widgets without prompting, the widget can make calls to the system, e.g. deleting your home directory, and you won't be warned that the widget contains code that makes system calls.

Not quite right. While everything you said is apparently true, there is one more step... after the widget is downloaded and installed in the Macintosh HD/Library/Widgets/ folder, the USER MUST drag it from the widgets dock and place it on the Dashboard for it to be invoked... and then agree to run it for the first time. Only then can its malicious intent be realized.

43 posted on 05/09/2005 12:00:46 PM PDT by Swordmaker (tagline now open, please ring bell.)
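Since the thread notes there is no widget inspector utility, here is an added example (not part of either post) of a small audit script that lists the widget bundles in a folder and reports which ones request access beyond the Dashboard sandbox. It assumes the access keys from Apple's Dashboard `Info.plist` format (`AllowSystem` and related keys), which the thread does not name; the sample bundles and identifiers are constructed for the demo.

```python
import plistlib
import tempfile
from pathlib import Path

# Info.plist keys a Dashboard widget sets to request access outside its sandbox
# (assumed from Apple's Dashboard documentation, not named in the thread).
RISKY_KEYS = ("AllowSystem", "AllowFullAccess",
              "AllowFileAccessOutsideOfWidget", "AllowNetworkAccess")

def audit_widgets(widget_dir):
    """Return {bundle name: [risky keys set to true]} for each *.wdgt bundle."""
    report = {}
    for bundle in sorted(Path(widget_dir).glob("*.wdgt")):
        try:
            with open(bundle / "Info.plist", "rb") as fh:
                info = plistlib.load(fh)
            if not isinstance(info, dict):
                raise ValueError("Info.plist root is not a dictionary")
        except Exception:
            # Missing or malformed plist: flag it instead of silently skipping.
            report[bundle.name] = ["UNREADABLE_INFO_PLIST"]
            continue
        report[bundle.name] = [k for k in RISKY_KEYS if info.get(k) is True]
    return report

def make_sample(root):
    """Build constructed widget bundles for the demo (not real widgets)."""
    samples = {
        "Clock.wdgt": {"CFBundleIdentifier": "com.example.clock"},
        "Helper.wdgt": {"CFBundleIdentifier": "com.example.helper",
                        "AllowSystem": True, "AllowNetworkAccess": True},
    }
    for name, info in samples.items():
        bundle = Path(root) / name
        bundle.mkdir(parents=True)
        with open(bundle / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh)
    (Path(root) / "Broken.wdgt").mkdir()  # bundle with no Info.plist at all

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for name, flags in audit_widgets(tmp).items():
            print(name, "->", ", ".join(flags) or "no extra access requested")
```

To check a real machine, pass the widgets folder mentioned above (`/Library/Widgets`) to `audit_widgets` and review any bundle that reports `AllowSystem` or that you do not recognize.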



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson