Widget Worries Persist for Apple

Written by Jason Cundall

May 23, 2005 | 13:12

Tags: #widgets

Companies: #apple

The latest update to OSX may have closed some issues with Tiger's widgetry, but concerns still abound over the self contained applications ability to take control of a users' admin privileges on the targeted Mac, according to reports:

Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.

More from news.com

Why, exactly, would a widget ever need administration rights / privileges? And with that in mind, why have Apple allowed it? I've got to agree with Zdziarski on this - it's an issue that should have been addressed in the previous security release. What say you?
Discuss this in the forums
Mod of the Month November 2020 in Association with Corsair

December 11 2020 | 17:30