If a user initiates an installer, then the installer can put a "library" into the "home" Library (or System Library, _IF_ the user verifies the install with an admin password). The "library" file, which could be called every time the newly installed prog runs, could cause another prog to run. This is not thought of as a flaw, since all installers must be initiated to work, and many programs require "libraries" to work. If an installer could be run without any user (inter)action, then perhaps there is reason to be concerned. Otherwise, this is just user-error...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/366/1550#1550