Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Apple
    • Apple
    • Cybersecurity

    Mac Users, Developers Reconciled to Security Threats

    By
    Ian Betteridge
    -
    May 26, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Despite release of a security patch by Apple Computer Inc. on Friday, and following Tuesday reports of further unplugged vulnerabilities in the companys Mac OS X operating system, users and developers appeared to take the warnings in stride.

      According to a security advisory updated Tuesday by Copenhagen-based security vendor Secunia Ltd., although the patch released by Apple on Friday prevents Web pages from calling the “help:” uniform resource identifier, it still remains possible to remotely mount disk images without a users permission.

      By registering and executing an arbitrary URI handler, hackers could run code placed on the disk image. Secunia said it is possible to use this exploit with volumes mounted via the “disk:” URI handler, or via AFP (Apple File Protocol), FTP, or SMB protocols. Secunia rates this vulnerability as “extremely critical.”

      Although Apple has yet to make any public pronouncement about the newly-discovered vulnerabilities, it took the unusual step of issuing a press release after it released its last patch.

      In the message, Phil Schiller, the companys senior vice president of worldwide product marketing, said: “Apple takes security very seriously and works quickly to address potential threats as we learn of them—in this case, before there was any actual risk to our customers.”

      As yet, there have been no reports of anyone using the security holes in a malicious exploit.

      “There are no computers without a list of vulnerabilities and Apple is no exception,” said one IT manager of a large educational institution who requested anonymity. “Sun puts out patches every week. Apple has been responsive to security.”

      The administrator said he was less concerned over security for his Mac and Linux systems than for his Windows machines. The lack of exploits on the Mac platform, he said, showed that the vulnerabilities werent easy to exploit, and that malware authors looked for a larger audience for their creations.

      “I suspect that theres not as much chance for bragging rights on OS X [from an exploit]. And its clear that they dont hate Apple like they hate Microsoft,” he added.

      For insights on Apple and Macintosh coverage around the Web, check out Matthew Rothenbergs Weblog.

      Still, at the heart of the recent security issues appears to be the overall design of URI handling in Mac OS X. Some observers said the interface has focused on ease of use rather than security. In its advisory, Secunia charged that “the core of the problem seems to be the design of URI handling in Mac OS X. It is likely that many other URI handlers are affected in various ways.”

      Jason Harris, a programmer with Mac software developer Unsanity Inc., offered that “this is a rather large problem without an easy solution.”

      “Theres lots of overlap between useful applications of this functionality and malicious ones, meaning that Apple cant easily fix this without removing useful features from its operating system and from existing apps,” Harris said.

      Editors Note: David Morgenstern contributed to this report.

      Check out eWEEK.coms Macintosh Center at http://macintosh.eweek.com for the latest news, reviews and analysis about Apple in the enterprise.

      Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page

      Ian Betteridge
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×