
09/17/2007, 1:25pm, EDT

Monday, September 17th

Security firm issues widget warning

Web security firm Finjan today warned users that "widgets" and "gadgets" pose serious security risks to computers, and that the small software add-ons should be treated just like full-sized applications. Finjan points to several security vulnerabilities which were repaired by various widget vendors after the firm discreetly offered information about those issues. While Apple is listed as one of the larger platforms supporting widgets, none of the listed security vulnerabilities reported so far afflict the Cupertino-based company's Mac OS X operating system. Finjan recommends refraining from using non-trusted third-party widgets or gadgets, and suggests exercising caution when using interactive widgets that rely on external sources like RSS feeds. Recent vulnerabilities were discovered in Windows Vista Contacts Widget, Live.com RSS reader, and Yahoo! Widgets Contacts. Finjan is actively warning users to expect an increase in attacks through unsecured widgets in the near future.


Filed under: troubleshooting




7 comments
In other news...
0
09/17, 1:50pm, EDT
No-name security firm issues vague warning about hip new technology to gain press attention. Pictures at 11.
Fresh-Faced Recruit
Joined Apr 2001
in other other news...
0
09/17, 2:03pm, EDT
It's still a good idea to be aware of the potential. :P
Fresh-Faced Recruit
Joined Jan 2007
If you have
0
09/17, 2:22pm, EDT
half a brain and also want to keep your machine free of malware/spyware (even in Mac OS), you make sure you can trust a source of the download before installing it. If there are any Mac OS vulnerabilities, it will be because people didn't look before they leaped when installing apps like widgets. Mac OS has some good stop-gaps like requiring admin password and such when making major changes to the system that apps like these shouldn't, but I could foresee some people who have admin rights unthinkingly accept some changes without checking to see if that SHOULD be necessary. Time will tell if this truly is an issue, but my opinion holds Apple in the clear from such threats for some time.

Btw, MacNN, this isn't news. I guess it would be useful in the continuous security argument by the two camps, if nothing else.
Fresh-Faced Recruit
Joined Dec 2005
one problem...
0
09/17, 3:33pm, EDT
If this 'security expert', instead of mouthing off, actually understood how the Mac OS X security model works, he would never attempt this lame argument because this only proves his ignorance on the subject.

Next he'll be telling you to purchase his nifty anti-ware to protect you from the evil malware...
Fresh-Faced Recruit
Joined Jan 2007
Re: one problem
0
09/17, 3:43pm, EDT
If this 'security expert', instead of mouthing off, actually understood how the Mac OS X security model works, he would never attempt this lame argument because this only proves his ignorance on the subject.

Well, if you bothered to even look at the press release, or even read the above, you'd know they are talking about widgets in general, not specifically, and they didn't even try to pawn off knowledge of OS X or say it was a problem.

Oh, and please tell us how Apple's security model prevents security issues via widgets. And go into detail, too, just don't make stupid blanket statements like "You need a password, so it's OK!".
Fresh-Faced Recruit
Joined Aug 2001
Re: if you have
0
09/17, 3:49pm, EDT
half a brain and also want to keep your machine free of malware/spyware (even in Mac OS), you make sure you can trust a source of the download before installing it.

That only helps if the problem is a malware widget. It doesn't help if the widget opens the security hole itself, or the widget app (like Dashboard) has issues that create a hole in it.

If there are any Mac OS vulnerabilities, it will be because people didn't look before they leaped when installing apps like widgets.

Um, no. It can also be due to Apple releasing software that causes security issues. Some past examples, if we must: iTunes installer deleting entire drives (oh, I know, it's not really a security issue, it just acted like one nasty trojan), or how about Safari set up to auto-launch downloaded documents (it's still set up to do this by default, BTW), allowing scripts to run, disk images to mount and auto-launch, etc.

Fresh-Faced Recruit
Joined Aug 2001
all I want to know...
0
09/18, 9:32am, EDT
is did they make a widget about it?

This is bullshit. The article warns about Mac Widgets but says that it found no problems with anything in OS X. That what they've found affects Vista - no fucking shock there.

I concur with my friend NJFUZZY - FINJAN [who the fuck is this?] is merely trying for 15 minutes in the spotlight since it's easy to merely throw Apple's name in the mix these days without actually having a coherent thought and having proof to back anything up.
Fresh-Faced Recruit
Joined Oct 2002