With all the hoopla about any vulnerability in Windows, this statement, "This is easier to do than with Windows. After all, it's a Mac." made me chuckle.
"We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.
The result: This particular sample successfully launched the Mac's Web browser when we used any of a number of applications.
This is easier to do than with Windows. After all, it's a Mac."
Thursday, November 23, 2006
Another Mac OS X Problem
F-Secure has reported receipt of a proof-of-concept sample of iAdware for Mac OS X. They report that in theory iAdware could be silently installed to the User account and hooked to each application and does not require Administrator rights. Further in the report: