Home > Exploits > Apple Fixed The Piggybacking Issue In SU

Apple Fixed The Piggybacking Issue In SU

Couple of weeks ago, I blogged about this “Safari 3.1 Piggybacks In Sofware Update“.

There was a series of reaction specifically those who understands information security, criticizing about Safari 3.1 piggybacking or stealth installation through Software Update.

Now, the interesting news is that Apple fixed this issue in Windows Apple Software Update version 2.1 [READ ZDNet]. I reckon earlier last week, the software update tool still includes Safari 3.1 in the list. However today, this is what i found out.

To manually update, click “Apple Software Update” from Windows Program menu.

Notice “Apple Software Update for Windows”, this is an update to get the latest SU version 2.1.

Let’s install and check it …

Here’s the new look. Apple fixed the issue by creating two sections: (1) Updates (2) New Software. It simply shows that Safari 3.1 is no longer piggybacking in software updates since it has its own category as New Software. Good!

But wait, how come the tick boxes were already filled-in by default?

Perhaps, this update is a complete conformity to information security if they also changed this default behavior to “NO”.

Speaking of default behavior, the latest changes in RapidLibrary requires users to install Zango to access a free content but here’s the catch… Click “OK” to cancel and “Cancel” to continue.

Funny, this is Psychology of Security [Reference: Bruce Schneier].

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: