toggle

AAPL Stock: 502.21 ( 0 )

Security firm issues widget warning

updated 01:25 pm EDT, Mon September 17, 2007

Firm issues widget warning


Web security firm Finjan today warned users that "widgets" and "gadgets" are posing serious security risks to computer, and that the small software add-ons should be treated just like full-sized applications. Finjan points to several security vulnerabilities which were repaired by various widget vendors after the firm discreetly offered information about those issues. While Apple is listed as one of the larger platforms supporting widgets, none of the listed security vulnerabilities reported so far afflict the Cupertino-based company's Mac OS X operating system. Finjan recommends refraining from using non-trusted third-party widgets or gadgets, and suggests exercising caution when using interactive widgets that rely on external sources like RSS feeds. Recent vulnerabilities were discovered in Windows Vista Contacts Widget, Live.com RSS reader, and Yahoo! Widgets Contacts. Finjan is actively warning users to expect an increase in attacks through unsecured widgets in the near future.


by MacNN Staff

print
email
(7)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. njfuzzy

    Fresh-Faced Recruit

    Joined: Apr 2001

    0
    09/17, 01:50pm | report spam | Reply |

    In other news...

    No-name security firm issues vague warning about hip new technology to gain press attention. Pictures at 11.

  1. Flying Meat

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    09/17, 02:03pm | report spam | Reply |

    in other other news...

    It's still a good idea to be aware of the potential. :P

  1. danviento

    Fresh-Faced Recruit

    Joined: Dec 2005

    0
    09/17, 02:22pm | report spam | Reply |

    If you have

    half a brain and also want to keep your machine free of malware/spyware (even in Mac OS), you make sure you can trust a source of the download before installing it. If there are any Mac OS vulnerabilities, it will be because people didn't look before they leaped when installing apps like widgets. Mac OS has some good stop-gaps like requiring admin password and such when making major changes to the system that apps like these shouldn't, but I could forsee some people who have admin rights unthinkingly accept some changes without checking to see if that SHOULD be necessary. Time will tell if this truly is an issue, but my opinion holds apple in the clear from such threats for some time.

    Btw, MacNN, this isn't news. I guess it would be useful in the continuous security argument by the two camps, if nothing else.

  1. hokizpokis

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    09/17, 03:33pm | report spam | Reply |

    one problem...

    If this 'security expert' instead of mouthing off, actually understood how the mac osx security model works, he would never attempt this lame arguement because this only proves his ignorance on the subject.

    Next he'll be telling you to purchase his nifty anti-ware to protect you from the evil malware...

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    09/17, 03:43pm | report spam | Reply |

    Re: one problem

    If this 'security expert' instead of mouthing off, actually understood how the mac osx security model works, he would never attempt this lame arguement because this only proves his ignorance on the subject.

    Well, if you bothered to even look at the press release, or even read the above, you'd know they are talking about widgets in general, not specifically, and they didn't even try to pawn off knowledge of OS X or say it was a problem.

    Oh, and please tell us how Apple's security model prevents security issues via widgets. And go into detail, too, just don't make stupid blanket statements like "You need a password, so its OK!".

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    09/17, 03:49pm | report spam | Reply |

    Re: if you have

    half a brain and also want to keep your machine free of malware/spyware (even in Mac OS), you make sure you can trust a source of the download before installing it.

    That only helps if the problem is a malware widget. It doesn't help if the widget opens the security hole itself, or the widget app (like dashboard) has issues that creates a hole in it.

    If there are any Mac OS vulnerabilities, it will be because people didn't look before they leaped when installing apps like widgets.

    Um, no. it can also be due to Apple releasing software that causes security issues. Some past examples, if we must: iTunes installer deleting entire drives (oh, I know, its not a really a security issue, it just acted like one nasty trojan), or how about Safari set up to auto-launch downloaded documents (its still set up to do this by default, BTW), allowing scripts to run, disk images to mount and auto-launch, etc.

  1. UberFu

    Fresh-Faced Recruit

    Joined: Oct 2002

    0
    09/18, 09:32am | report spam | Reply |

    all I want to know...

    is did they make a widget about it ?

    This is bullshit_ The article warns about Mac Widgets but says that it found no problems with anything in OS X_ That what they've found affects Vista - no f****** shock there_

    I concur with my friend NJFUZZY - FINJAN [who the f*** is this ?] is merely trying for 15 minutes in the spotlight since it's easy to merely throw Apple's name in the mix these days without actually having a coherent thought and having proof to back anything up_

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Powerbag Business Class Bag

Many companies currently offer battery packs and various accessories to keep smartphones and other gadgets charged when away from an o ...

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

toggle

Most Commented

10 Most Discussed

 

Popular News