Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

Security Update Patches Apple Remote Desktop

Send Article to a Friend

Security Update Patches Apple Remote Desktop -- Apple has released Security Update 2004-10-27, a patch to Apple Remote Desktop Client 1.2.4 that prevents a remote user from starting an application behind the login window, which would allow the application to run as root. The vulnerability exists on Mac OS X 10.3 systems with Apple Remote Desktop Client 1.2.4 installed and Fast User Switching enabled. On an unpatched system that has a user logged in, but the login window visible via Fast User Switching, an Apple Remote Desktop user with privileges to do so can start an application, which would run as root. (The vulnerability requires that the Remote Desktop user have a valid username and password to access the system; it does not expose the machine to unauthorized use.)

<http://docs.info.apple.com/article.html? artnum=61798>

The 832K download, available through Software Update or the Apple Downloads page, only applies to Mac OS X 10.3 and later operating systems, and isn't needed if Apple Remote Desktop has already been upgraded to version 2.1. [MHA]

<http://www.apple.com/support/downloads// securityupdate20041027ard.html>

 

PDFpen and PDFpenPro 7 make PDF editing easy. Review and mark up
your PDFs, fill and sign forms, and even export PDFs to Word format.
Signing is now easier, you can view the OCR text layer, and more.
Try editing your PDFs today! <http://smle.us/pdfpen-7-tb>