Security hole bites Apple's Tiger
Latest Widgets handy for hackers
Tom Sanders in California, vnunet.com 11 May 2005
The latest version of Apple's Tiger operating system, OS X 10.4, exposes users to a vulnerability that could lead to data loss, security experts have warned.
The software includes the newly developed version 2.0 of Apple's Safari browser which is preconfigured to allow for software to be installed on a system without any user approval.
This software in turn could delete files, format the hard drive or change user settings to direct the browser to a certain website.
Several proof-of-concept exploits have been published on the web. Users running Tiger are strongly advised not to visit any of the sites that demonstrate how the flaw is exploited, such as Stephan.com.
Systems running Windows or older versions of OS X can open the page without any concern.
The exploit uses Widgets, small Java-based applications that run inside Tiger's Dashboard platform for applications such as the calculator and stock price tickers. Third-party developers can also develop software for the platform.
Widgets are hard to remove once installed. Dashboard does not offer any method of removal, and users will have to manually delete the files from a directory.
Users are also advised to disable the automatic installation for Safari until Apple has published a patch. An alternative is to make the directory containing the Widgets read only.
Apple released OS X 10.4 Tiger in late April. In addition to the Dashboard vulnerability, users have reported security issues with network connections.
website taken :
This really caught my eye when I read vnunet.com on hacking. This is really crazy: Apple's OS has been free of viruses and free from all security threats, so this news is really shocking. Is this the developers' fault, or the testers' and researchers' fault for being too curious, or did they have nothing better to do than test out security on Apple?
So it's another thing to do with Apple's Safari browser that weakens Apple's entire security system. Did they even mention the previous version of Apple's Safari browser?
Enjoy reading. I'm trying to contribute tech to make it more lively.