SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apple Dashboard Vendors:   Apple
(Vendor Issues Fix) Mac OS X Dashboard Lets Remote Users Install Widgets Without a Warning Dialog
SecurityTracker Alert ID:  1014465
SecurityTracker URL:  http://securitytracker.com/id/1014465
CVE Reference:   CVE-2005-1474   (Links to External Site)
Date:  Jul 12 2005
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Apple Mac OS X Dashboard. A remote user can bypass a download warning dialog to install potentially malicious Dashboard widgets.

A remote user can create specially crafted HTML that, when loaded by the target user, will download and install arbitrary widgets via Apple Safari without presenting the target user with the Safe Download Validation warning dialog.

Impact:   A remote user can can cause potentially malicious Dashboard widgets to be installed without warning.
Solution:   Apple has issued a fix as part of Mac OS X 10.4.2, available using Software Update, or from Apple Downloads:

http://www.apple.com/support/downloads/

Vendor URL:  docs.info.apple.com/article.html?artnum=301948 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.4

Message History:   This archive entry is a follow-up to the message listed below.
May 20 2005 Mac OS X Dashboard Lets Remote Users Install Widgets Without a Warning Dialog



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC