Full Disclosure mailing list archives

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

From: ph0enix <ph0enix () justonemorething org>
Date: Thu, 19 May 2005 14:47:10 +0200

[..] And they run a lot of them. They're not likely to assume thatwidgets can contain trojans or be cautious of what they downloadlike they are regular applications.

well, that is true. Because Dashboard widgets are looking 'cool andsweet', most of the users will not realize that they could containarbitrary code and so some of them are easy victims. Dashboard isreally a cool thing, but Apple also opened Pandora's box with it.




www.osvdb.org -- everything is vulnerable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability, (continued)
- - - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Graham Reed (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
    - Content detection in html payload with snort ? Frederic Charpentier (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Message not available
  - Message not available
    - Message not available
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Ports used by trogens Brian Phillips (May 21)
  - Re: Ports used by trogens Who? (May 21)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)