OS X’s huge out-of-the-box security hole, and a fix
An enormous Mac OS X selling point has been its rock-solid security, so one would be pretty enraged to find there is a gaping hole sitting in the operating system that has been reported many times and marked as “behaving normally,” while enabling anyone with GUI access to run as root and do basically anything they want to your computer. Apple has obviously been made aware of this issue, and the worst part is that it has been around at least since Panther, over five years ago.
What exactly is this issue? Well, the issue in and of itself may not seem incredibly malicious. The problem lies in AppleScript, and the fact that applications running as “root” (which basically gives complete access) can accept AppleScript commands from applications which are not running as root. Developer and MacNN forum member Charles Srstka notes that he has sent this in as a bug to Apple many times, and yet it has been labeled as “Behaves Correctly” and dismissed. Compounding the issue is the fact that all Cocoa applications automatically have basic AppleScript support, so any Cocoa application running as root can receive these malicious AppleScript commands.
Adium 1.2 almost here, beta available
Adium 1.2 is just around the corner, with a download available from the beta page. The team has added many improvements to the next version of the popular messaging client, particularly to Bonjour. Bonjour, group chat, XMPP, AppleScript and many minor features have been fixed and improved, resulting in a less buggy version of the app. With group chat, inviting contacts is now as simple as clicking and dragging, and Bonjour file transfers are now possible. AppleScript support has been improved as well, having been completely rewritten. Within the contact window itself, groups are detachable from the main contact list.
A download is available at Adium’s beta page.
Via [Infinite Loop]
Download [Adium]