Security Update 2008-005
- Open Scripting ArchitectureCVE-ID: CVE-2008-2830
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: A local user may execute commands with elevated privileges
Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges. This update addresses the issue by not loading scripting addition plugins into applications running with system privileges. The recently reported ARDAgent and SecurityAgent issues are addressed by this update. Credit to Charles Srstka for reporting this issue.
Macintosh and iPhone software updates and announcements for July 29, 2008:
- Blizzard Entertainment, Inc. announced that tickets for its third BlizzCon gaming convention will go on sale August 11, and that live coverage of the event will be available as an exclusive DIRECTV pay per view event. BlizzCon is a celebration of the global player communities surrounding Blizzard Entertainment’s Warcraft, Diablo, and StarCraft game universes. The event will take place at the Anaheim Convention Center in Anaheim, California on October 10 and 11.
07.23.08MacBook Touch coming in October?
Okay, so I know this guy who knows this guy who knew this guy who read on Gizmodo that MacDailyNews has a source who leaked that the MacBook Touch will be coming in October.
In a surprising act of earliness, Apple has taken MobileMe, the App Store, and firmware 2.0 online. Mobile me was taken online after last night when Apple released the MobileMe updater for OS X that replaced all references to .Mac with MobileMe.