June 7, 2004 1:54 PM PDT

Apple patches 'critical' OS X flaw

Apple Computer on Monday released a security patch that fixes what the company called the first "critical" Mac OS X flaw.

A combination of holes disclosed by security researchers last month could have allowed an attacker to take over a vulnerable Macintosh, though no such exploits have been reported. Apple issued a partial fix last month, but security researchers had said that the Mac remained open to attack.



Apple executives had earlier pledged to release a more complete patch, calling the flaw the first critical security issue since Mac OS X was released three years ago.

Apple said that creating the alert dialog box was the best way to prevent a malicious attack, while still preserving a popular feature of the operating system--the ability to open one program via a link from within another program. That feature allows one to send an e-mail directly through a link in a Web page, for instance.

"We believe we found a very good simple change in a core service that prevents these unwanted risks," Apple senior vice president Phil Schiller said on Monday. "This update, to the best of our knowledge, should close off the critical risk."

The patch, which was made available via Mac OS X's Software Update, attempts to prevent such problems by warning users when a program is being launched via the Internet that has not previously been run on the system. Apple also took other steps in Mac OS X and the Safari Web browser to try to keep unintended applications or files from being opened.

Apple said the update is being made available for those running version 10.3.4 of Mac OS X Panther and version 10.2.8 of Mac OS X Jaguar, as well as the corresponding server versions.

Apple is still investigating whether the flaw exists in earlier versions of the Mac OS, and Schiller said it is "too soon to tell" whether Apple will fix it in other versions.

6 comments

Unix flaws?
I was under the impression that Unix was hard to hack. Isn't the new Mac OS a derivative of Unix?
Posted by bobby_brady (765 comments )
You are duped
If you haven't noticed it yet, news organizations like news.com are duping you with stories like this. There is no such rule that Unix can not be hacked, in fact it has been hacked so many times and people still hack it from time to time. The problem is that news.com and similar organizations are trying to prevent people from using Microsoft products, thus come up with such myths as unix can not be hacked etc... Just check out security vulnerabilities in many unix operating systems. I just updated my redhat, it downloaded something around 200 security fixes. A lot of them being critical.

On another topic, this vulnerability has nothing to do with the unix core of Apple. It is a program (Helper) and a set of features within the MacOS X.
Posted by (13 comments )
Actually..
Actually unix is very secure in its pure form. Linux has so many patches because 99% of its vulnerabilities are found in the first 90 days after release while Microsoft is still just now releasing patches for 9 year old security holes the size of Mac trucks. There's a reason Microsoft doesn't support Win98 anymore.. so they don't have to admit they're still finding major exploits in it on top of the 150 patches they have already released. Also you must take into account that most Windows patches contain fixes for multiple flaws. 200 patches to fix 200 flaws is a far cry better than 100 patches to fix 400 flaws.

I don't think Mac OS X is doing so bad considering it's the first critical flaw found in 3 years (just try not to laugh when you realize it's in a subsystem designed to function like Windows).

And last but not least.. CNet is well known to be biased towards Microsoft, their biggest investor, not Apple.
Posted by Fray9 (547 comments )