Open Menu
Close Menu
Apple
Shopping Bag
Apple
Mac
iPad
iPhone
Watch
TV
Music
Support
Search apple.com
Shopping Bag
Lists
Open Menu
Close Menu
Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists
Re: Security patch 2008-005 and scripting additions
[
Date Prev
][
Date Next
][
Thread Prev
][
Thread Next
][
Date Index
][
Thread Index
]
Re: Security patch 2008-005 and scripting additions
Subject
:
Re: Security patch 2008-005 and scripting additions
From:
email@hidden
Date: Fri, 1 Aug 2008 08:18:08 -0400
John DeTroye denied that a regular user could elevate their privs when I asked him about this... so I was worried that Apple was not taking this seriously.
I am glad this has been patched.
Charles Profitt
Sr. Network Technician
BrainBench Certified - (Master)Microsoft Security | (Master)Storage Area Networks Concepts | (Master)Microsoft Vista Desktop Administration | (Master)Macintosh OS X 10.4 Desktop Administration
75 Barker Road
Pittsford, NY 14534
Important Notice:
This communication, including any attachments, is intended only for the use of the individual(s) or entity(s) to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient, you are hereby notified that any dissemination, distribution or reproduction of any part of this communication in any format is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this communication and deleting the original and any automatically generated copies. Thank-you for your co-operation.
Bill Cheeseman <email@hidden>
Sent by: applescript-users-bounces+chas_profitt=email@hidden
08/01/2008 05:45 AM
To
AppleScript-Users Mail <email@hidden>
cc
Subject
Security patch 2008-005 and scripting additions
Yesterday's security patch 2008-005 from Apple included this:
"Impact: A local user may execute commands with elevated privileges
Description: A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
Sending scripting addition commands to a privileged application may
allow the execution of arbitrary code with those privileges. This
update addresses the issue by not loading scripting addition plugins
into applications running with system privileges. The recently
reported ARDAgent and SecurityAgent issues are addressed by this
update. Credit to Charles Srstka for reporting this issue."
Does "scripting addition plugin" mean what we normally refer to as
"scripting addition"? And exactly what usage patterns does this Do not post admin requests to the list. They will be ignored. AppleScript-Users mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: Archives:
http://lists.apple.com/archives/applescript-users
This email sent to email@hidden
References:
>
Security patch 2008-005 and scripting additions
(From: Bill Cheeseman <email@hidden>)
Prev by Date:
Security patch 2008-005 and scripting additions
Next by Date:
Re: Security patch 2008-005 and scripting additions
Previous by thread:
Security patch 2008-005 and scripting additions
Next by thread:
Re: Security patch 2008-005 and scripting additions
Index(es):
Date
Thread