We have just learned that there is a Dashboard exploit currently doing the rounds that should concern all Tiger OS X users. In an article posted on stephan.com, there are details showing how malicious Dashboard widgets can be downloaded and installed on your Mac, automatically, without knowledge or consent from the user.
Safari, the native browser in the latest release of OS X, codenamed Tiger, will accept widget files from web pages and install them into dashboard. To secure yourself from rogue widgets you can turn off the option to "Open safe files after downloading" in Safari’s preferences.
The full article on the various vulnerabilities in Dashboard can be found over here
. Please note that this page demonstrates the exploit by attempting to install a safe widget on your system.
Discuss this news in our forums