Apple dashboard widget vulnerability published
An article (republished by the author here) in the Autumn 2008 issue of 2600 Magazine details a pretty serious vulnerability with Apple's dashboard widgets that could allow access to data on the user's hard drive.Since we may access the system with user privileges, we may edit/remove/create files within the user's home directory (this includes such sensitive data as ~/.