SecurityFocus

Mac OS X Dashboard Widget Vulnerabilities? Dec 04 2007 07:21PM
Todd Woodward (todd_woodward symantec com) (1 replies)

Over on bugtraq, there's an interesting new thread regarding vulnerabilities in Mac OSX widgets.

http://www.securityfocus.com/archive/1/484542/30/0/threaded
http://www.securityfocus.com/archive/1/484567/30/0/threaded

Essentially, widgets can "relax the Dashboard's JavaScript sandbox to enable the widget.system() call, which indeed amounts to the equivalent of system(3); i.e., if an attacker can take over the widget, the attacker can take over the user's account
(and, quite often, the system)."

Security Response Researcher
Focus-Apple Moderator

________________________________________
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
________________________________________
Office: 541-335-7441
________________________________________

[ reply ]

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 01:27PM
Don (drhodes mail colgate edu) (2 replies)

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 08:48PM
Derek Chesterfield (dez mac com) (1 replies)

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 11:27PM
Don (drhodes mail colgate edu) (1 replies)

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 06 2007 09:21PM
Mark Senior (senatorfrog gmail com) (1 replies)

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 09 2007 10:59PM
Tyrel McMahan (tyrel mcmahan gmail com)

Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 06:34PM
Mark Senior (senatorfrog gmail com)