Hack Mac OS X With Installer Packages 194
Posted
by
kdawson
from the why-not-to-run-as-admin dept.
from the why-not-to-run-as-admin dept.
nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.
Thank You! (Score:2, Funny)
Read my previous guide to securing Mac OS X and do not run as an admin user for daily activities.
Moreover, if you must run as the administrator, do not install packages from non-reputable sources without cracking open the package
Well, thank you, Captain Obvious!
Re:Let me get this straight ... (Score:3, Funny)
3. People will double-click anything.
As an addendum to this I'd like to add that most users will double click on anything, and when nothing happens, they will continue to double click until something either does happen or their mouse finger falls off, or their computer dies. Whichever happens first.
Re:Well... (Score:3, Funny)
Whew! (Score:4, Funny)