[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

To: Jonathan Zdziarski <jonathan@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: ph0enix <ph0enix@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 19 May 2005 14:47:10 +0200

[..] And they run a lot of them. They're not likely to assume that widgets can contain trojans or be cautious of what they download like they are regular applications.

well, that is true. Because Dashboard widgets are looking 'cool and sweet', most of the users will not realize that they could contain arbitrary code and so some of them are easy victims. Dashboard is really a cool thing, but Apple also opened Pandora's box with it.

www.osvdb.org -- everything is vulnerable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: Jonathan Zdziarski
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: ph0enix
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: Jonathan Zdziarski
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: ph0enix
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: Jonathan Zdziarski

Prev by Date: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Next by Date: [Full-disclosure] RE: Security issue in Microsoft Outlook
Previous by thread: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Next by thread: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Index(es):
- Date
- Thread