Tiger's Widgets could leave OSX users smarting

Written by Jason Cundall

May 11, 2005 | 13:32

Tags: #osx

Mac users that have upgraded to Tiger - beware of widgets bearing gifts. Several sites on the web have been reporting on the possible use of 'malicious widgets', after Stephan Meyers created a pseudo-malicious widget to hilight the dual issues of OSX's auto installation of the small progettes, and the fact you can't remove them from the dashboard. Wired has this:

A security hole in Dashboard could expose users of Apple Computer's new Tiger operating system to attack, and may put personal information like passwords and credit card data at risk.

A new feature of Mac OS X Tiger, Dashboard is a suite of simple programs called widgets that often access information on the internet. Tiger comes preloaded with 14 widgets, including a world clock, a dictionary and a weather station.

For the convenience of users, most widgets automatically install themselves. But experts fear any program that auto-installs is ripe for exploitation.

More here

Apparently, as a workaround, you can eliminate a rogue widget from your drive by deleting it's file in the the /Library/Widgets/ folder, or you can use the Widget Manager that is mentioned in the article. However, it's not the best situation for many users. After upgrading to Tiger I downloaded widgets left right and centre (I couldn't do without a hula-girl or two on my desktop), but this will make me think twice before downloading any more unless I'm sure of the source. What about you?
Discuss this in the forums
be quiet! Silent Loop 2 360 Review

May 21 2021 | 09:55