Apple still has a hole: Secunia
p2pnet.net News:- No news is bad news when it comes to security flaws. And that’s the situation with the Mac OS X vulnerability.
Confirmation of a Mac Attack was out several days ago and on May 21, Apple Computer issued a kind of security alert / promo piece it called an update and in which it addressed “Security Concerns“.
Denmark’s Secunia issued a detailed description – “Mac OS X Volume URI Handler Registration Code Execution Vulnerability”.
It’s still up, but there’s been nothing further from Apple on whether or not the fix fixed anything, if Apple owners should worry, or anything else.
Secunia’s ceo Niels Rasmussen, however, has no doubts about where things stand.
Quoted in a Reuters story here, he says although Apple patched one of the vulnerabilities, it didn’t address the disk URI vulnerability, which could allows malicious Web sites to silently place code on a user’s system.
“Mac users are left just as vulnerable as they were last week,” Rasmussen says in the Reuters piece. “They (Apple) have dealt with one of the vulnerabilities in the correct way but with the other one they have not.”
Apple did not immediately return calls seeking comment, adds the report, but, “Apple has not yet released patches for these issues,” says Secunia.
May 27th, 2004 at 3:15 pm
Now let’s see those people talk about windows having slow support.
It takes TIME to come out with patches, people…
May 27th, 2004 at 7:14 pm
It takes time to come out with patches.
Mac OS 10.3.4 was released 26.MAY.2004 approx 3PM EST
It appears to address the items of concern to Secunia.
May 27th, 2004 at 8:56 pm
Mac OS 10.3.4 update does not address all of the theoretical issues raised by Secunia.
The Safari application has code mods along with the Mail app. But the service redirects in the posted vulnerability manual work arounds appear to have not been touched.