« PowerPC Nerds Website | Main | Mac OS X 10.4.1 Released »
May 9, 2005
Widgets a Security Nightmare?
Attack of the malicious widgets? Malicious Web Pages Can Install Dashboard Widgets? How about my personal favorite of Widgets: Tiger's porn scam gateway?
So this guy (warning, it will install a widget if you run Safari in nothing flat) posted an article on how to exploit Dashboard in an instant to install a widget by using a meta
Well duh, why didn't I think of that? Meaning why didn't I think of the security implications of a 'widget' run by the operating system as a mini-applet.
OK, I'll cut myself a little slack in that I'm A) Not a security guru paid to think like a B) Scum-ball.
But god damn. Leave it to some people to figure out a way to use something so fun for something so evil. While I'd like to see Apple have an official response along the lines of 'we tested every known exploit for pop ups and disabled them' but I'm sure they didn't, and they really couldn't. It will be interesting to see if A) Anyone can, or B) Anyone cares enough to write something nasty. Knowing how many MS fans out there really really hate all the Apple love how long before someone writes a widget to nuke your iTunes library?
The best defense right now is to turn off 'open safe files after downloading' it appears. I'd really like to see an Apple response to this though.
Posted by trekkie at May 9, 2005 6:37 PM
Comments
Post a comment
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)