Developer demos 'exploit' in Tiger's Dashboard

Hey this sounds awful, except...

1. Turn off automatic open in safari 2. Safari tells you that you're about to open an application, "Do you want to open this?"

Other than that, I can see that it's a problem.

"1. Turn off automatic open in safari 2. Safari tells you that you're about to open an application"

Yep, and you'll get the added benefit of not auto-opening PDFs, QuickTime movies and other content that you really _do_ want to auto-open. Apple clearly needs to fix Safari so that it won't auto-launch spyware Dashboard widgets.

I'm switching to Windows. It is much more secure. Nothing like this ever happens on XP while I'm using Dashboard and IE. Ever.

"Yep, and you'll get the added benefit of not auto-opening PDFs, QuickTime movies and other content that you really _do_ want to auto-open. Apple clearly needs to fix Safari so that it won't auto-launch spyware Dashboard widgets."

Is that new to Safari 2? I haven't turned auto launch off on tiger yet, but I did on panther. I had a plugin for pdfs, which would launch the pdf in the browser window, and quicktime opened in the browser as expected, even with auto launch off. I guess I'll need to check out safari 2 to see if they took that ability away.

I was a little perplexed when I downloaded the TV widget and it auto installed, I thought the download broke because it dutifully warned me that I was downloading and application but it wasn't on my desktop when done. After the second download I checked and sure enought it was already installed. A bad model. Safari shouldn't be able to auto open an application and the system should not allow ANY download to autoinstall. Let's see what they do with this in 10.4.1, hopefully real soon.

actually loads the widget? WTF... Why would he do that?

Doesn't Microsoft make a big ballyhoo when developers like this post claims of security holes to the public without giving them sufficient time to "review" these sorts of issues before making public these issues?

Guess standard procedures don't apply to Apple...

Gee, so nice of MacNN to warn us without mentioning the site or developer by name so we can avoid their (unecessary) little demonstration, or perhaps protect the developer from an instant denial of service assault from "grateful" Macusers. C'mon MacNN don't filter the facts, leave that to Condeleeza Rice.

as much as i want to love dashboard, now that i have finally gotten a chance to work/play with it, the more i realize that it's SO different than anything apple has tried to do before. good different? bad different? just different. and there is no way that a basic user will know to turn off "auto open safe files" in safari, and while i DO like being able to OPEN safe files like pdfs, i do NOT like items auto INSTALLED like this. plus, apple doesn't make it very easy to remove widgets. go ahead, look in apple help. it says you can't remove or reorder widgets. well, that's not true of course (just look inside library/widgets), but don't you think a basic user will trust help to be telling it the truth? i just do not understand why apple has not given any sort of easy gui way of deleting widgets, like an option-drag out of the dashboard dock or something.

like i said, it's different. different enough to confuse long-time users (i have never had anything on a mac auto-INSTALL like widgets do from an internet download... i, too, was look for the download on my desktop), and, in an attempt for transparency, really made it hard for basic users to figure out how to backtrack if they make a mistake.

Okay, so it's not hard to find (or avoid): www.stephan.com/