Secunia: Mac OS X Users Still At Risk

Dom · May 25, 2004, 12:23 AM

Although Apple issued a patch late Friday afternoon, the security firm warns that users of the operating system still remain vulnerable to an "extremely critical" security flaw.

Security firm Secunia warned Apple Computer users this past weekend that they remain at risk to attack even if they apply a patch Apple published Friday to fill a security hole.
"It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states.

In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability.

According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability."

The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems.

The firm is advising Mac OS X users to uncheck the "open safe files after downloading" option and add a protocol helper application for disk and disks. It's best that Apple users don't visit untrusted Web sites or surf the Internet as privileged users, Secunia says.

Read More...

______________________
Source: InfoWeek

May 25, 2004, 12:23 AM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Secunia: Mac OS X Users Still At Risk Although Apple issued a patch late Friday afternoon, the security firm warns that users of the operating system still remain vulnerable to an "extremely critical" security flaw. Security firm Secunia warned Apple Computer users this past weekend that they remain at risk to attack even if they apply a patch Apple published Friday to fill a security hole. "It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states. In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability. According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability." The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems. The firm is advising Mac OS X users to uncheck the "open safe files after downloading" option and add a protocol helper application for disk and disks. It's best that Apple users don't visit untrusted Web sites or surf the Internet as privileged users, Secunia says. Read More... ______________________ Source: InfoWeek