Focus on Apple
Mac OS X Dashboard Widget Vulnerabilities? Dec 04 2007 07:21PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Over on bugtraq, there's an interesting new thread regarding vulnerabilities in Mac OSX widgets.

http://www.securityfocus.com/archive/1/484542/30/0/threaded
http://www.securityfocus.com/archive/1/484567/30/0/threaded

Essentially, widgets can "relax the Dashboard's JavaScript sandbox to enable the widget.system() call, which indeed amounts to the equivalent of system(3); i.e., if an attacker can take over the widget, the attacker can take over the user's account
(and, quite often, the system)."

 
Security Response Researcher
Focus-Apple Moderator
 
________________________________________
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
________________________________________
Office: 541-335-7441
________________________________________

[ reply ]
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 01:27PM
Don (drhodes mail colgate edu) (2 replies)
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 08:48PM
Derek Chesterfield (dez mac com) (1 replies)
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 11:27PM
Don (drhodes mail colgate edu) (1 replies)
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 06 2007 09:21PM
Mark Senior (senatorfrog gmail com) (1 replies)
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 09 2007 10:59PM
Tyrel McMahan (tyrel mcmahan gmail com)
Re: Mac OS X Dashboard Widget Vulnerabilities? Dec 05 2007 06:34PM
Mark Senior (senatorfrog gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus