“A forthcoming update to Apple’s Mac OS X 10.4 ‘Tiger’ operating system will reportedly plug a hole in the company’s new Dashboard application that allows potentially malicious widgets to auto-install on a user’s system. The fix is believed to be one of over three dozen expected in Apple’s Mac OS X 10.4.1 Update. According to rumors, the update, code-named ‘Atlanta,’ could see a release as early as the end of the week,” Kasper Jade and Prince McLean report for AppleInsider. “After installing the update, sources say users of the Tiger operating system will be prompted before a widget is downloaded to their hard drive. Currently, Tiger possesses a vulnerability where potentially dangerous or annoying widgets can be downloaded onto a hard drive and installed without the user’s knowledge or consent.”
EXCELLENT!
Apple as usual on the case!
No 6 month wait for security updates for us mac users!
Poor old windows users – sob, sob (NOT!)
Sometimes features create holes.
Hell, Windows 95 features are still creating holes in XP.
I’m not too worried about the Dashboard thing because I turned off the open safe items thing in Safari long ago anyway. I just want 10.4.1 to get rid of the beachballs and other minor quirks that have cropped up since upgrading to Tiger.
36 bug fixes for tiger?
Man, I hope 10.4.2 is right around the corner with 1,000’s of bug fixes.
I love Apple and think Tiger is great, but it is painfully buggy. Microsoft-esque Buggy.
Tiger needed at least another 2-3 months of testing and bug fixing. I hope .1 is more than is being billed, but I doubt it…
–A sad Apple Fan
Retro cat,
“Painfully buggy”? It certainly hasn’t been so in my experience. There are some bugs that I consider minor annoyances, but I haven’t come across any deal-killers. Could you give some details of the bugs you’ve encountered?
“”As previously noted, Mac OS X 10.4.1 is also rumored to include an update to Tiger’s Core Graphics subsystem, which should provide updated graphics card drivers to Mac users with an ATI or Nvidia graphics card.””
Does this mean that us G4 users will get to see the ripple effect in the widgets and the weather animation in the weather widget??
Retro cat, what are you talking about? I have no bugs whatsoever in Tiger. Begs the question as to how you installed Tiger.
geee….and all you macwidgetheads with blinders were all telling me in a previous thread about this topic this was not a problem.
if it is not a problem why has apple decided to fix it ASAP????
And now the believers of steve feel that bugs in the OS are no problems…if it’s on a mac it’s no problem.
I can see the ripples with my G4 PowerBook (1.25 Ghz).
Anyone with a troubled Tiger install should do a reinstall with the archive and install option. A lot of third party apps and things are still not ready for Tiger. Take the time and reinstall your third party apps one at a time. I own a new iMac G5 and have a fully stable install of Tiger running. All is good if you learn a bit before jumping right in. Take care one and all and enjoy the new Cat in town. Tiger is ready if you are.
Hey, “helen of troy, ohio”, besides the ohh-so-clever name, have you got anything useful to contribute? Tell me, how is something that won’t exist long enough (because of this lightning-quick fix) and will probably never be exploited (ditto) a problem???
Guess you’ve never had the “pleasure” of using Windows by comparison.
i must be the only person on the earth who doesn’t understand the concept of ‘a bug’. to me, everything is running smoothly, except for the genie effect, but core image is still in its infancy, boo hoo.
helen of troy, ohio:
I think most people agreed that it wasn’t anything to go into an upright panic about. Why? Because most of us figured Apple would release a fix with 10.4.1, if not with that then a Security Patch released relatively quickly.
In general, I don’t think that a Widget could have done anything extremely harmful. I read an article on MacWorld about the risks we take when installing freeware/shareware on our Macs. We have a much greater chance of compromising our systems than Widgets auto-installing.
The auto-install with Widgets is more of a nuisance than a horrible threat right now. It could turn into something more, but not in the time it takes Apple to release a patch.
Point 1: Tiger is as stable as Panther, running 24/7 since I installed it over a week ago on my iBook G3 800 MHz 640 MB RAM.
Point 2: Tiger is a bit faster overall than Panther.
Point 3: Although there are some glitches/minor annoying bugs that present themselves from time to time, none of them have prevented me from being able to perform a necessary computer task.
Point 4: Tiger was installed as an upgrade over top of the pre-existing Panther 10.3.9 OS. Previously, when I upgraded to Panther, it was installed as an upgrade over top of the pre-existing Jaguar 10.2.8 OS. I have never had to scrape the drive clean to gain a successful OS install on this machine.
Point 5: I run Disk Warrior once every couple of months — boot from the Disk Warrior CD.
Point 6: Since the machine runs 24/7, sleeping infrequently, automatic Apple system maintenance routines are able to run as scheduled. Caches are rotated/checked/flushed on a regular basis, as appropriate.
Point 7: Few to no third party haxies or other system hacks are installed.
Point 8: Always run “fix disk permissions” BEFORE any software install or upgrade, and directly AFTERWARD, also.
Point 9: 30 GB hard disk never has less than 6 GB of contiguous free space — this assures that the OSX system has all of the elbow room that it might need to expand/contract temporary caches or other system/non-user file types, and the hard disk is reduced in the amount of thrashing it would otherwise experience in trying to locate small bits of free space here and there, where it can write/read tiny fragments of files.
Bottom Line: On this machine, Jaguar was stable and useful, Panther was stable and useful, and noticeably faster than Jaguar, and, so far, Tiger is stable and useful and a bit snappier than Panther.
YMMV
Widgets are no more vulnerable than any other application. There is nothing stopping someone from writing a Photoshop add-on that erases the hard drive after the 40th run. All applications have the same access (in fact more) to the OS functions than a Widget.
When you download a Widget, you should use the same care that you would with any application. Don’t ever download from unsure sources. Personally, I download only the ones on Apple.com.
Widgets downloaded from a default Safari are certainly more dangerous than applications.
1. Safari 2.0 has this option on as default (in the General set of preferences for Safari): Open “safe” files after downloading. “Safe” files include movies, pictures, sounds, PDF and text documents, and disk images and other archives.
2. Zip files containing widgets are considered “safe” files.
Therefore, widgets will self-install when downloaded, and may be downloaded without your permission or knowledge.
You can’t replicate this behavior with applications. They are not “safe” files. They can’t self-install and when installed need a password if they affect system resources. Widgets don’t affect system resources, but do affect user resources. They can delete your files, for example.
Everyone should turn off that “safe” file open option in Safari. When you download a widget, you double-click on its zip file and then move the resulting widget to your Library/Widgets folder (or the top-level Library/Widgets folder). If you find widgets or their zip files scattered on your drive, you’ll know that a web site has downloaded them secretly and you can trash them. Similarly, you can get rid of widgets by removing them from your Library/Widgets folder. You can change their order (which is alphabetical) by changing their names. Putting a space first in its name, for example, will make a widget first in the Dashboard. Force quitting the dock (which is safe) will reset the Dashboard to reflect changes.
Dashboard in general seems unfinished. I’m guessing it’s mainly for marketing. It’s hard to convince people to buy Tiger because its kernel APIs have been standardized or its file systems use arbitrary metadata. Ripple effects do more selling.
I ordered my Tiger from Amazon back in October, installed it in experimental volumes when it arrived, and have had no real troubles.
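The manual check described in the comment above (look in Library/Widgets, then look for widgets or their zip files scattered elsewhere on the drive) can be scripted. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes widget archives keep a name ending in `.wdgt.zip`.

```shell
#!/bin/sh
# Added example: inventory Dashboard widgets under one home directory.
# Assumption: widget bundles end in .wdgt and their archives in .wdgt.zip.

# Widgets Dashboard will actually load: bundles directly inside
# <home>/Library/Widgets. (Pass "/" as the argument to inspect the
# top-level /Library/Widgets folder instead.)
list_installed_widgets() {
    dir="$1/Library/Widgets"
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type d -name '*.wdgt' | sort
}

# Widget bundles or widget archives anywhere else under <home>. These
# are the "scattered" items the comment says to treat as suspicious.
# Library/Widgets is pruned so installed widgets are not reported, and
# each bundle is pruned so its contents are not reported a second time.
list_stray_widgets() {
    home="$1"
    find "$home" -path "$home/Library/Widgets" -prune -o \
        \( -type d -name '*.wdgt' -prune -print \) -o \
        \( -type f -name '*.wdgt.zip' -print \) | sort
}

# Stand-alone use: sh audit_widgets.sh /Users/alice
if [ $# -gt 0 ]; then
    echo "Installed in $1/Library/Widgets:"
    list_installed_widgets "$1"
    echo "Found outside Library/Widgets:"
    list_stray_widgets "$1"
fi
```

Anything in the second list that you did not download yourself is a candidate for the trash; anything in the first list that you do not recognise can be removed from Library/Widgets as the comment describes.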
HELP!!!! I just upgraded my powerbook g4 to tiger and it won’t shut down now unless i force it to shut down. What can i do? Will 10.4.1 address this issue?
I find it amazing that Windows users hold Apple’s OS to a higher standard than their own Microsoft OS.
I guess if you set the expectations high enough, you can find something wrong with anything.
And that’s the goal here… to find something wrong with Apple’s stuff.
What idiotic zealots.
erm, just because some of you haven’t experienced any “bugs” with Tiger does NOT mean that they aren’t there. You can install the same software package on 10 different machines and get 10 different sets of issues. Ask anyone in IT, they’ll tell you.
Already? Service Pack 1 for OS X Service Pack 4? Absolutely Amazing…(WTF)
[\seriousness]
ANTONIO
Open up a terminal. Type “sudo shutdown now”. Type in your password.
Does it shutdown that way?
Hmmm…. seems like we’ve been over this issue before with RetroCat – who said there are “hundreds & hundreds” of bugs in Tiger and I believe I said it was probably closer to “tens and tens” – with this announcement, it appears I’m closer to being right, unless Mr. (or is that Ms?) Cat would care to elaborate and enlighten the rest of us on those “thousands” of bugs he/she has encountered in just the last week or so of using Tiger?
<Already? Service Pack 1 for OS X Service Pack 4? Absolutely Amazing..>
Come on, OS X upgrades are as analogous to XP service packs as Longhorn is a service pack update for XP.
Every OS X update brings us far more features and functionality than all XP service packs combined.
As far as security and bug updates. Well at least we get them in a timely manner and they do work.
quit making fun of our macs!!!
windows sucks!
at least when apple has a problem they fix it.
windows will always suck.
damn that felt good!
the only bug i’ve encountered in Tiger is if you I a quicktime movie onto the dock, by accidentally double clicking the grey area, or hitting the yellow button, i can’t get it off.