Focus on Apple
Mac OS X Dashboard Widget Vulnerabilities? Dec 04 2007 07:21PM
Todd Woodward (todd_woodward symantec com)
Over on bugtraq, there's an interesting new thread regarding vulnerabilities in Mac OSX widgets.

Essentially, widgets can "relax the Dashboard's JavaScript sandbox to enable the widget.system() call, which indeed amounts to the equivalent of system(3); i.e., if an attacker can take over the widget, the attacker can take over the user's account
(and, quite often, the system)."

Security Response Researcher
Focus-Apple Moderator
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
Springfield, Oregon
Office: 541-335-7441

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus