The company plugs another security vulnerability in its OS X operating system. The new patch addresses vulnerabilities when launching documents and applications from a Web page.
Apple on Monday plugged another security vulnerability in its OS X operating system. A new patch addresses vulnerabilities when launching documents and applications from a Web page.
The company recommended Security Update 2004-06-07
for both client and server versions of Mac OS X 10.3 (Panther) and Mac OS X 10.2 (Jaguar).
The update specifically fixes two security issues mentioned by the Common Vulnerabilities and Exposures
listwhich is funded by the U.S. Department of Homeland Securityand beefs up protection against remote disk access. The update also returns some Telnet functionality lost in a previous security patch.
With the security update, Apple Computer Inc. made significant changes to the system service that opens applications. OS Xs LaunchServices component now launches only the applications that have been granted explicit permission by the owner.
When the system launches an application for the first time, the user will be presented with a new dialog box, which provides information on its location, such as the Download folder. Users must then click the boxs Open button to launch the application.
Thereafter, the application is considered "trusted," according to the company. Apples system applications, such as the Safari browser and other bundled applications that come with the package, are already considered "trusted," the company said in a technical note.
For insights on Apple and Macintosh coverage around the Web, check out Matthew Rothenbergs Weblog.
In addition, the patch released Monday buttons down Apples Safari and Terminal programs.
Apple offered no comment on the release of the security patch other than to reiterate a statement that the company is working quickly to address potential threats as it learns of them.
Philip Schiller, Apples senior vice president of worldwide product marketing, said last month, "While no operating system can be completely immune from all security issues, Mac OS Xs Unix-based architecture has so far turned out to be much better than most."
The Monday patch follows a difficult month on the security front for the Cupertino, Calif., company. The company released several security patches
and a security-focused system update
in the month.
It also took some heat
from Internet security researchers over vulnerabilities in OS X.
Check out eWEEK.coms Macintosh Center
for the latest news, reviews and analysis about Apple in the enterprise.
Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page