Apple today released Security Update 2004-10-27, which provides several Mac OS X security enhancements and fixes for Apple Remote Desktop 1.2.4 (ARD). According to the release notes, the update will prevent an application to be launched behind the ARD loginwindow which will run as root. “If the ARD Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents ARD from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3.”