Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: "Brian K." <codesamurai () mac com>
Date: Thu, 19 May 2005 01:21:02 -0400

I looked around and didn't see any invitation from Apple to report
vulnerabilities, so for now I guess I'll post here and leave it to
someone with a paid developer's account to tell them.

Seems to me that you can report bugs from
Membership is required, but the free "online" membership is

Also, if you don't want to register, you may submit security issues via e-mail to <product-security () apple com>. (cf. <http:// www.apple.com/support/security/>)

It should be noted that the Mac OS X 10.4.1 Update should have already fixed the Safari auto-install issue, as it now supposedly prompts "<file> is an application. Are you sure you want to download the application <file>?", if the "Open Safe Files" checkbox is checked. (cf. <http://stephan.com/widgets/zaptastic/> )

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]