Alastair Houghton: Mac OS X Authentication Dialogs Can Lie

Alastair Houghton reports on a security hole in Mac OS X that allows the authentication dialog to lie about which application is requesting administrator privileges. He reported the bug to Apple in November 2003 (rdar://3486235), and has gone public with it only because it’s gone unfixed for so long. (Via Michael Tsai.)

Wednesday, 28 June 2006