•    
  •  
Your source for indispensable Apple and Macintosh news, reviews, tips, and commentary since 1990.

 

 
Most Popular Articles
 

 

Recent TidBITS Talk Discussions
 

 

Published in TidBITS 753. Subscribe today to receive TidBITS in email every Monday.

 

 
01 Nov 2004 | Print Printer-Friendly Version of This Article |

Security Update Patches Apple Remote Desktop

by Mark H. Anbinder

Security Update Patches Apple Remote Desktop -- Apple has released Security Update 2004-10-27, a patch to Apple Remote Desktop Client 1.2.4 that prevents a remote user from starting an application behind the login window, which would allow the application to run as root. The vulnerability exists on Mac OS X 10.3 systems with Apple Remote Desktop Client 1.2.4 installed and Fast User Switching enabled. On an unpatched system that has a user logged in, but the login window visible via Fast User Switching, an Apple Remote Desktop user with privileges to do so can start an application, which would run as root. (The vulnerability requires that the Remote Desktop user have a valid username and password to access the system; it does not expose the machine to unauthorized use.)

<http://docs.info.apple.com/article.html? artnum=61798>

The 832K download, available through Software Update or the Apple Downloads page, only applies to Mac OS X 10.3 and later operating systems, and isn't needed if Apple Remote Desktop has already been upgraded to version 2.1. [MHA]

<http://www.apple.com/support/downloads// securityupdate20041027ard.html>

Previous Article
Previous Article
Recommend This Article
-
Next Article
Top Articles in this Section
MARK/SPACE, INC: Take it with you! The Missing Sync makes
it easy to synchronize contacts, calendars, notes, photos
and more from your Mac to your BlackBerry, Palm OS, or
Windows Mobile phone. <http://www.markspace.com/bits>