Posted on 04/30/2005 1:52:59 PM PDT by Swordmaker
Nope, I'm saying all Mac using girls are pretty!
This widget exploit seems pretty serious. To sum up, Safari can be made to install widgets without prompting, the widget can make calls to the system, e.g. deleting your home directory, and you won't be warned that the widget contains code that makes system calls. And, there is no widget management or inspector utility. Seems like the same mistake that microsoft made with tying the browser too closely with the OS. On the plus side I would imagine that it would be pretty easy to fix these vulnerabilities and would expect an update to be available soon.
Not quite right. While everything you said is apparently true, there is one more step... after the widget is downloaded and installed in the Macintosh HD/Library/Widgets/ folder, the USER MUST drag it from the widgets dock and place it on the Dashboard for it to be invoked... and then agree to run it for the first time. Only then can its malicious intent be realized.
I'm glad to see the way this issue has turned out.
I'm also gratified to see general_re has taken a leading role in informing and helping the Mac community resolve what could be a serious problem in the future.
Thanks general!
I look forward to Apple resolving this one quickly. I don't think anything should be downloaded just by visiting a website - a warning pop-up should give the user control over all download scenarios.
Yeah, right. Since most Mac users are the uber-liberal-earthy-crunchy types, I'd guess that most of them don't bathe regularly, don't shave, etc... Definitely NOT pretty.
Welll then, looks like you should refrain from buying your own bull___t, now doesn't it?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.