Language Selection

English French German Italian Portuguese Spanish

Mac malware door creaks open

Filed under
Mac

Apple has been encouraging developers to create new widgets for Tiger's Dashboard--a semi-transparent layer of everyday, often-used applications such as a calculator or currency converter that appears over the user's desktop--but within days of its public release, one developer claims to have already found a way to turn widgets into potential malware.

Developer Stephan, who has posted the widgets to his blog, has created two mini-apps which he describes as "slightly evil." One widget, he says, will automatically install itself on users' desktops when his "Zaptastic" Web site is visited using Apple's Safari browser.

This, according to Stephan, is a golden opportunity for porn scammers, enabling them to auto-install widgets that can hijack browsers.

According to Stephan's blog: "I happen to like (auto-install). I think it's a great thing. But, as I have demonstrated here, it has the side effect of setting up a situation where a user can be given an application without their knowledge.

"That's not such a big deal; by default, widgets can't do much damage, and they can't run unless you drop them into your dashboard. The funny thing is that once that widget is there, according to Apple, you CANNOT remove it."

Full Story.

More in Tux Machines

Debian 6.0 Long Term Support reaching end-of-life

The Debian Long Term Support (LTS) Team hereby announces that Debian 6.0 ("squeeze") support will reach its end-of-life on February 29, 2016, five years after its initial release on February 6, 2011. There will be no further security support for Debian 6.0. The LTS Team will prepare the transition to Debian 7 ("wheezy"), which is the current oldstable release. The LTS team will take over support from the Security Team on April 26, 2016. Read more

Tiny Core Linux 7.0 Up to Release Candidate Phase, Adds Linux Kernel 4.2.9

Robert Shingledecker announced the release and immediate availability for download and testing of the first RC (Release Candidate) build of the upcoming Tiny Core Linux 7.0 operating system. Read more

Mozilla Thunderbird 45.0 to Finally Bring GTK3 Integration for Linux, Sort Of

Earlier today, Mozilla has come out with the sixth point release of the stable 38.0 branch of its Thunderbird e-mail, news, and chat client, fixing a few minor issues reported by users since the 38.5.x series. Read more

OpenPHT 1.5.1 for Debian/sid

I have updated the openpht repository with builds of OpenPHT 1.5.1 for Debian/sid for both amd64 and i386 architecture. For those who have forgotten it, OpenPHT is the open source fork of Plex Home Theater that is used on RasPlex, see my last post concerning OpenPHT for details. Read more