ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Apple: GarageBand leaks user data to advertisers

By | August 3, 2009, 4:38pm PDT

Summary: Apple today warned that its GarageBand software is leaking users’ Web activity to third parties and advertisers. The company shipped GarageBand 5.1 to plug the hole and advise users to tweak their Safari browser preferences to avoid data leakage.  Here’s the relevant information from Apple’s advisory: CVE-2009-2198: When GarageBand is opened, Safari’s preferences are changed to always [...]

Apple today warned that its GarageBand software is leaking users’ Web activity to third parties and advertisers.

The company shipped GarageBand 5.1 to plug the hole and advise users to tweak their Safari browser preferences to avoid data leakage.  Here’s the relevant information from Apple’s advisory:

  • CVE-2009-2198: When GarageBand is opened, Safari’s preferences are changed to always accept cookies. The default preference is to accept cookies only for the sites being visited. The altered setting may allow third parties and advertisers to track a user’s web activity.

The update addresses the issue by not changing the preference setting. Users who have run previous versions of GarageBand should confirm that their Safari preferences are set as desired, Apple said.

GarageBand 5.1 is available via the Apple Software Update application or Apple’s GarageBand download site.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple Safari, Apple Inc., User Data, GarageBand, Advertiser, GarageBand 5.1, Default Preference, Channel Management, Marketing, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
12
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Apple: GarageBand leaks user data to advertisers
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
View in thread
0 Votes
+ -
update very large
gertruded Updated - 4th Aug 2009
The update is 139 mb. There must be much more to the update than just
not changing Safari preferences.
0 Votes
+ -
RE: Apple: GarageBand leaks user data to advertisers
nnutter 4th Aug 2009
Maybe you should use less sensational headlines...or at least remotely accurate ones.
0 Votes
+ -
Perhaps use of the past tense would be indicated in this instance?
UGottaBKidding 4th Aug 2009
.
0 Votes
+ -
I wonder...
Qbt Updated - 4th Aug 2009
I wonder if you are equally concerned about sensationalist MS headlines?

Since Apple and most of its fanboys are more concerned about clinging to Apple's precious little "Apple-Is-Teh-Perfect" PR image than dealing with silly things like, say, warning users about security issues, my guess would be: No
0 Votes
+ -
There is much more than just this one change.
msalzberg 4th Aug 2009
http://support.apple.com/downloads/GarageBand_5_1

0 Votes
+ -
No platform is immune to malware and security problems...
HypnoToad72 4th Aug 2009
But when it comes to how solid the OS is (e.g. no registry, no fragmentation, no dilettante garbage that requires purchasing oodles of third party tools... or OEM-installed crapware prompting the need for said third party tools... and hoping those third party tools don't include malware of their own and I know one company DOES... or at least did...)

I'll still go with Apple. You can thank Microsoft. And thousands more do so every single day.

wink
0 Votes
+ -
I guess you have been living under a rock lately
Qbt Updated - 4th Aug 2009
Clue: Number of attacks != Number of vulnerabilities
0 Votes
+ -
Vendor arrogance, not "security problem"
cquirke 6th Aug 2009
This is not a "security problem" in the sense of some deep coding error that permits raw code execution.

It's a deliberate decision of the software authors to override the user's preferences in a way that increases risk.

It's the same sort of arrogance as we've seen in Windows with settings that are supposed to block interpretation of Autorun.inf on a per-device basis; look how slowly, and indirectly, Microsoft fixed that.

As to "Apple or PC", I'd go PC, because at least I'm not locked into one vendor. Sucky OEM bundling? Switch OEMs... you don't have that choice with Apple, who bundle Safari, iTunes etc. and shove these (pre-checked selections in "options") as "updates" for software that isn't even installed.

Vendors suck, and there's no "escape raft", alas!

0 Votes
+ -
Well if this was a warning to run my Apple update manually...
No More Microsoft Software Ever! 4th Aug 2009
thanks!

Otherwise, I think Ryan Naraine is a Windows shill and a HOG!
0 Votes
+ -
The truth hurts, I guess...
Qbt Updated - 4th Aug 2009
If you can't handle Apple's flaws being aired out just like everyone else's, then you should just find a hole you stick your head into it, or something.
0 Votes
+ -
RE: Apple: GarageBand leaks user data to advertisers
macgroover 5th Aug 2009
This is a somewhat misleading headline. "User data" implies
that it leaks stuff like name and email. Granted it's a bad
bug.
0 Votes
+ -
RE: Apple: GarageBand leaks user data to advertisers
birumut Updated - 29th Apr 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix