On mySimon: Bacon Soap
BNET Business Network:
BNET
TechRepublic
ZDNet

August 3rd, 2009

Apple: GarageBand leaks user data to advertisers

Posted by Ryan Naraine @ 4:38 pm

Categories: Apple, Browsers, Data theft, Passwords, Patch Watch, Pen testing, Phishing, Privacy, Research, Responsible disclosure, Vulnerability research

Tags: Apple Safari, Apple Inc., User Data, GarageBand, Advertiser, GarageBand 5.1, Default Preference, Channel Management, Marketing, Ryan Naraine

Apple today warned that its GarageBand software is leaking users’ Web activity to third parties and advertisers.

The company shipped GarageBand 5.1 to plug the hole and advise users to tweak their Safari browser preferences to avoid data leakage.  Here’s the relevant information from Apple’s advisory:

  • CVE-2009-2198: When GarageBand is opened, Safari’s preferences are changed to always accept cookies. The default preference is to accept cookies only for the sites being visited. The altered setting may allow third parties and advertisers to track a user’s web activity.

The update addresses the issue by not changing the preference setting. Users who have run previous versions of GarageBand should confirm that their Safari preferences are set as desired, Apple said.

GarageBand 5.1 is available via the Apple Software Update application or Apple’s GarageBand download site.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 11 Talkback(s)
Vendor arrogance, not "security problem"
This is not a "security problem" in the sense of some deep coding error that permits raw code execution.

It's a deliberate decision of the software authors to override the user's preferences ... (Read the rest)
Posted by: cquirke Posted on: 08/06/09 You are currently: a Guest | | Terms of Use
update very large  gertruded | 08/04/09
RE: Apple: GarageBand leaks user data to advertisers  nnutter | 08/04/09
Perhaps use of the past tense would be indicated in this instance?  UGottaBKidding | 08/04/09
I wonder...  Qbt | 08/04/09
There is much more than just this one change.  msalzberg | 08/04/09
No platform is immune to malware and security problems...  HypnoToad72 | 08/04/09
I guess you have been living under a rock lately  Qbt | 08/04/09
Vendor arrogance, not "security problem"  cquirke | 08/06/09
Well if this was a warning to run my Apple update manually...  No More Microsoft Software Ever! | 08/04/09
The truth hurts, I guess...  Qbt | 08/04/09
RE: Apple: GarageBand leaks user data to advertisers  macgroover | 08/05/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads