The state of Mac OS X security
The April launch of Mac OS X 10.4, aka Tiger, lost a little of its sheen following news that the Dashboard - one of the key features of the operating system - was a potential security hazard.
The Dashboard is a layer of ‘widgets’, cute mini-applications such as calculators, calendars and weather reports, which drop down over the desktop with the touch of a button. Apple has encouraged developers to create additional widgets and around 250 are available for download from the company’s website, with others available from third-party sites.
The problem stems from the fact that widgets are automatically installed after downloading. According to an alert posted on the Full Disclosure mailing lists, an attacker could write a malicious widget that would run invisibly in the background and hijack a user’s sudo (or admin) privileges. With administrative privileges, the attacker would have full control over the Mac.