Update on Dashboard and security risk: why should Dashboard code have root privileges?
Ok, you’ve been using Mac OS X Tiger for a while, maybe you’ve been writing Dashboard widgets for a while or, at least, you’ve been playing with that code…
Some widgets, you may have realized, simply output HTML + CSS stuff just like any other web page, but many other are starting heavy use of low-level functions, command-line instruction and full access to local resources.
Is that correct? Are we facing some trojan-horse widget-related threat?
Read thouroghly this article, and more will follow.
Read here the full story!