On Wed, 11 May 2005 09:43:35 -0700
sai tsui <stsui@berkeley.edu> wrote:
> Tiger users,
>
> This is posted today:
>
> http://www.vnunet.com/news/1162958
In summary, when using Apple's Safari browser under Mac
OS X 10.4 ("Tiger"), it is possible for Dashboard Widgets
to be automatically downloaded and installed into the
Dashboard, whereupon an unsuspecting user might then
manually launch the newly-installed Widget, potentially
executing malicious code.
One discussion of potential mitigation measures, until
this issue is addressed by Apple, appears under the
"Dashboard" subhead in:
http://www.macintouch.com/tiger11.html
Incidentally, the author of the vunet.com article above
incorrectly stated that Widgets are "small Java-based
applications." They are not: by default, Widgets are
created using JavaScript, HTML, and CSS, although it
appears to be possible to invoke command-line utilities,
as well as programs and scripts written in any arbitrary
languages, from within Widgets.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Wed May 11 10:20:38 2005
This archive was generated by hypermail 2.1.8 : Wed May 11 2005 - 10:20:38 PDT