Apple Releases Security Update Affecting Apple Remote Desktop
5:05 PM EDT, October 27th, 2004
Apple has released Security Update 2004-10-27 for Mac OS X. The update deals with an issue that makes it possible for applications to be run with root privileges under certain circumstances involving Apple Remote Desktop. Apple's release notes:
Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x
Impact: An application can be started behind the loginwindow and it will run as root.
Description: For a system with the following conditions:
- Apple Remote Desktop client installed
- A user on the client system has been enabled with the Open and quit applications privilege
- The username and password of the ARD user is known
- Fast user switching has been enabled
- A user is logged in, and loginwindow is active via Fast User Switching
If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.
The update is being recommended for all users, though it only affects Apple Remote Desktop. The update weighs in at 832k, and can be found in Software Update, or on Apple's security update page.

