Avant la prochaine révision de Mac OS X 10.3.6, Apple propose une nouvelle mise à jour de sécurité qui s'appelle : Security Update 2004-10-27 numérotée 1.0.

Cette mise à jour est disponible via le module de mise à jour des logiciels (832ko), ou directement sur le site d'Apple. 

Alors qu'apporte donc cette nouvelle mise à jour de sécurité ?



Vous pouvez télécharger directement ce patch ici :



Pour les corrections apportées, tout est dans le texte ci-après et en anglais :

Security Update 2004-10-27
▪ Apple Remote Desktop  

Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x
CVE-ID: CAN-2004-0962
Impact: An application can be started behind the loginwindow and it will run as root.
Description: For a system with these following conditions
▪ Apple Remote Desktop client installed
▪ A user on the client system has been enabled with the Open and quit applications privilege
▪ The username and password of the ARD user is known
▪ Fast user switching has been enabled
▪ A user is logged in, and loginwindow is active via Fast User Switching
If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.