Security fears over Tiger's new Dashboard

By Derek Sooman on May 10, 2005, 4:46 AM
Well, its only been about two weeks since the release of Tiger (Mac OS X 10.4) and already there has been some serious security concerns. Yes, the OS that everyone and his granny who had a Mac was ready to swap their first born son for is already showing signs of being just ordinary security hole ridden software like everything else. Overlooking for the moment the number of network security issues that have already been identified, the main concern seems to be over the new dashboard feature, which some are calling "the blueprint for a widget of mass destruction." "Worse than you could imagine", was the verdict of the dashboard from Macworld, who had this to say:

Your initial thought upon hearing about this situation may have been, "Itís just JavaScript. How much damage can it do?" The answer is, a lot Ė widgets arenít just JavaScript, and for those parts that are, Apple has taught JavaScript a few new tricks that Web browsers never dreamt of.

Widgets are owned by the user, and can do anything that a user can do. For instance, they can remove files from your home directory without asking permission. They can run anything from the command line that a user can. They can call any AppleScript that a user can. If youíre now starting to get a little nervous, youíve got the right idea.




User Comments: 1

Got something to say? Post a comment
phantasm66 said:
[quote]Macworld said that it was important to set Safari not to open safe files or not allow it to auto-installing widgets. You should also get a text editor to look inside any widgets before you launch them.[/quote]Yeah, like your average user (never mind, Mac user) is going to do that. Sure thing. This is BAD.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.