It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SCI/TECH: Apple's Vulnerabilities Concerns Continue Despite Patch
page: 10
share:
Apple has patched a vulnerability in its Tiger OS regarding widgets, or small programs that self-install after they have been downloaded, but one
expert claims the problem is not solved. The problem lies with the wording in a display box that indicates that the user is approving a download,
when in fact an installation is being approved. Malicious coders can write widgets that can, using administrative privileges, run undetected in the
background and deliver its malicious code.
news.com.com
Though Apple Computer updated its latest OS this week to solve a security problem with widgets, worries persist that the small applications still pose a potentially serious risk.
Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.
On Monday, Apple published the Mac OS X 10.4.1 update to fix an earlier security issue related to the widgets. Before the patch, widgets would download and install without warning. Patched machines display a box that asks the PC user to confirm a download, but don't tell the user that the confirmation also triggers installation of the widget.
While the patch mitigates the risk, security issues remain with widgets, according to Jonathan Zdziarski, a software engineer and author of Wednesday's Full Disclosure posting.
Please visit the link provided for the complete story.
In my reading of late regarding the relative merits of Macs and PCs, it has been noted by some that one of the main problems with PCs is that many people, if not most, surf the web with an administrative account, not understanding the problems that can occur as a result, if malware is downloaded. Apple actually encourages developers to write widgets and over two hundred are available on Apple's web site. It does seem, however, that if Mac users are aware of the risks, they can avert danger by exercising caution.
Related News Links:
news.com.com
news.com.com
[edit on 05/5/20 by GradyPhilpott]
news.com.com
Though Apple Computer updated its latest OS this week to solve a security problem with widgets, worries persist that the small applications still pose a potentially serious risk.
Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.
On Monday, Apple published the Mac OS X 10.4.1 update to fix an earlier security issue related to the widgets. Before the patch, widgets would download and install without warning. Patched machines display a box that asks the PC user to confirm a download, but don't tell the user that the confirmation also triggers installation of the widget.
While the patch mitigates the risk, security issues remain with widgets, according to Jonathan Zdziarski, a software engineer and author of Wednesday's Full Disclosure posting.
Please visit the link provided for the complete story.
In my reading of late regarding the relative merits of Macs and PCs, it has been noted by some that one of the main problems with PCs is that many people, if not most, surf the web with an administrative account, not understanding the problems that can occur as a result, if malware is downloaded. Apple actually encourages developers to write widgets and over two hundred are available on Apple's web site. It does seem, however, that if Mac users are aware of the risks, they can avert danger by exercising caution.
Related News Links:
news.com.com
news.com.com
[edit on 05/5/20 by GradyPhilpott]
new topics
-
Any one suspicious of fever promotions events, major investor Goldman Sachs card only.
The Gray Area: 1 hours ago -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 5 hours ago -
Electrical tricks for saving money
Education and Media: 8 hours ago -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 10 hours ago -
Sunak spinning the sickness figures
Other Current Events: 10 hours ago -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 10 hours ago
0