updated 05:50 pm EST, Fri January 25, 2008
Tiger, Leopard flaw
Similar to the Office 2008-related permissions problem reported earlier today, Mac OS X 10.4 Tiger and 10.5 Leopard users may be susceptible to additional vulnerabilities. MacNN reader Robert Myers reports that when using a standard user account to copy software in to the Applications folder, the authentication that takes place not only allows the software to be inserted in to the folder (as it should) but also changes the owner of the application to the current user.
Myers says that this could compromise a user's system integrity, by allowing malicious users access to otherwise protected personal data. He has mentioned that attempting to fix permissions through the user interface yields no results, but rather that a lengthy line-level Terminal procedure is involved to correct the problem.
Apple has been notified of the matter, but has allegedly deemed the issue to be an "enhancement" to operational features.