DealsOnTheWeb Daily Deal: 80GB iPod Classic: $209 Delivered
Apple Releases Security Update Affecting Apple Remote Desktop
by , 5:05 PM EDT, October 27th, 2004
Apple has released Security Update 2004-10-27 for Mac OS X. The update deals with an issue that makes it possible for applications to be run with root privileges under certain circumstances involving Apple Remote Desktop. Apple's release notes:
Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x
Impact: An application can be started behind the loginwindow and it will run as root.
Description: For a system with these following conditions
- Apple Remote Desktop client installed
- A user on the client system has been enabled with the Open and quit applications privilege
- The username and password of the ARD user is known
- Fast user switching has been enabled
- A user is logged in, and loginwindow is active via Fast User Switching
If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.
The update is being recommended for all users, though it only effects Apple Remote Desktop. The update weighs in at 832k, and can be found in Software Update, or on Apple's security update page.
Observer Comments
Recent Headlines - Updated Tuesday, May 13th, 2008
- Tue., 5:00 PM
- iPodObserver - CW: AT&T's 3G Network Leaves Verizon, Sprint in the Dust
- 4:00 PM
- Montage 1.5 Gets New Styles System, Scene Navigation Enhancements
- 3:45 PM
- RIM's Empire Strikes Back at Apple
- 3:00 PM
- C|Net: Remote Possibilities for Apple
- 2:55 PM
- Mac Gaming News - World of Warcraft Patched to 2.4.2 - Class Changes, Mac Fixes
- 2:20 PM
- Apple Publishes Details on WWDC Keynote
- 1:40 PM
- Office 2008 for Mac Sales Soaring
- 11:50 AM
- Apple Gives Retail Store Site a New Look
- 11:10 AM
- Mac Gaming News - Friction Games Ships Penumbra: Black Plague
- 10:40 AM
- Hot Forum Topic - The Mighty-dirty Mouse
- 10:05 AM
- Adobe Updates DNG Specification with Camera Profiles
- 9:35 AM
- iPodObserver - HBO Joins iTunes with Two-tier Pricing
- 8:35 AM
- Apple Rolls Out "New Get a Mac" Ads
- 8:10 AM
- PageSender 4.3 Enhances Menu Options, More
- 7:40 AM
- Podcast - Apple Weekly Report #125: iPhone Expansion, NBC and Zune, Apple's Eco-stance
- 3:10 AM
- MS Office 2008 SP1 Improves Stability, Security, More
- 3:05 AM
- Microsoft Says Visual Basic Returning to Office
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- OtherWorld Computing: Better than new Batteries for iPods NewerTech NuPower, up to 20+ Hours! Complete with Tools from $19.99. Online videos. Professional installation available.
MacPro Memory 667Mhz With Apple Spec Heat Sink 2GB Kit $ 90 / 4GB Kit $140 / 8GB Kit $278 Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.For the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Pink EasyShare M863 8.2 MP Digital Camera: $127.49 Delivered 
Canon FS100 SD/SDHC Card Camcorder: $359.99 Delivered 
Sony 16 GB Walkman Video MP3 Player with Built-in Bluetooth: $269.95 Delivered 
Targus Laser Wireless Desktop Mouse: $25.19 Delivered 
Hitachi 160GB IDE Hard Drive & 3.5" Enclosure Combo: $71.99 Delivered 
