Well, its only been about two weeks since the release of Tiger (Mac OS X 10.4) and already there has been some serious security concerns. Yes, the OS that everyone and his granny who had a Mac was ready to swap their first born son for is already showing signs of being just ordinary security hole ridden software like everything else. Overlooking for the moment the number of network security issues that have already been identified, the main concern seems to be over the new dashboard feature, which some are calling "the blueprint for a widget of mass destruction." "Worse than you could imagine", was the verdict of the dashboard from Macworld, who had this to say:
Your initial thought upon hearing about this situation may have been, "It's just JavaScript. How much damage can it do?" The answer is, a lot - widgets aren't just JavaScript, and for those parts that are, Apple has taught JavaScript a few new tricks that Web browsers never dreamt of.
Widgets are owned by the user, and can do anything that a user can do. For instance, they can remove files from your home directory without asking permission. They can run anything from the command line that a user can. They can call any AppleScript that a user can. If you're now starting to get a little nervous, you've got the right idea.