Widget Worries Persist for Apple

Written by Jason Cundall

May 23, 2005 | 13:12

The latest update to OS X may have closed some issues with Tiger's widgetry, but concerns still abound over the self-contained applications' ability to take control of a user's admin privileges on the targeted Mac, according to reports:

Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.

Why, exactly, would a widget ever need administration rights / privileges? And with that in mind, why have Apple allowed it? I've got to agree with Zdziarski on this - it's an issue that should have been addressed in the previous security release. What say you?
