Apple Patches App-Launching Vulnerability in Mac OS X

By David Morgenstern  |  Posted 2004-06-07 Print this article Print

The company plugs another security vulnerability in its OS X operating system. The new patch addresses vulnerabilities when launching documents and applications from a Web page.

Apple on Monday plugged another security vulnerability in its OS X operating system. A new patch addresses vulnerabilities when launching documents and applications from a Web page. The company recommended Security Update 2004-06-07 for both client and server versions of Mac OS X 10.3 (Panther) and Mac OS X 10.2 (Jaguar). The update specifically fixes two security issues mentioned by the Common Vulnerabilities and Exposures list—which is funded by the U.S. Department of Homeland Security—and beefs up protection against remote disk access. The update also returns some Telnet functionality lost in a previous security patch.
With the security update, Apple Computer Inc. made significant changes to the system service that opens applications. OS Xs LaunchServices component now launches only the applications that have been granted explicit permission by the owner.
When the system launches an application for the first time, the user will be presented with a new dialog box, which provides information on its location, such as the Download folder. Users must then click the boxs Open button to launch the application. Thereafter, the application is considered "trusted," according to the company. Apples system applications, such as the Safari browser and other bundled applications that come with the package, are already considered "trusted," the company said in a technical note. For insights on Apple and Macintosh coverage around the Web, check out Matthew Rothenbergs Weblog. In addition, the patch released Monday buttons down Apples Safari and Terminal programs. Apple offered no comment on the release of the security patch other than to reiterate a statement that the company is working quickly to address potential threats as it learns of them. Philip Schiller, Apples senior vice president of worldwide product marketing, said last month, "While no operating system can be completely immune from all security issues, Mac OS Xs Unix-based architecture has so far turned out to be much better than most." The Monday patch follows a difficult month on the security front for the Cupertino, Calif., company. The company released several security patches and a security-focused system update in the month. It also took some heat from Internet security researchers over vulnerabilities in OS X. Check out eWEEK.coms Macintosh Center at for the latest news, reviews and analysis about Apple in the enterprise.

Be sure to add our Macintosh news feed to your RSS newsreader or My Yahoo page

David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.

In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.

David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.

He can be reached here.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel