Apple Patches App-Launching Vulnerability in Mac OS X
The company recommended Security Update 2004-06-07 for both client and server versions of Mac OS X 10.3 (Panther) and Mac OS X 10.2 (Jaguar).
The update specifically fixes two security issues mentioned by the Common Vulnerabilities and Exposures listwhich is funded by the U.S. Department of Homeland Securityand beefs up protection against remote disk access. The update also returns some Telnet functionality lost in a previous security patch.
With the security update, Apple Computer Inc. made significant changes to the system service that opens applications. OS Xs LaunchServices component now launches only the applications that have been granted explicit permission by the owner.
When the system launches an application for the first time, the user will be presented with a new dialog box, which provides information on its location, such as the Download folder. Users must then click the boxs Open button to launch the application.
Thereafter, the application is considered "trusted," according to the company. Apples system applications, such as the Safari browser and other bundled applications that come with the package, are already considered "trusted," the company said in a technical note.
In addition, the patch released Monday buttons down Apples Safari and Terminal programs.
Apple offered no comment on the release of the security patch other than to reiterate a statement that the company is working quickly to address potential threats as it learns of them.
Philip Schiller, Apples senior vice president of worldwide product marketing, said last month, "While no operating system can be completely immune from all security issues, Mac OS Xs Unix-based architecture has so far turned out to be much better than most."
It also took some heat from Internet security researchers over vulnerabilities in OS X.