Apple Inc (AAPL)

[2bStealthy]

Apple Patches App-Launching Vulnerability in Mac OS X

By David Morgenstern
June 7, 2004

Apple on Monday plugged another security vulnerability in its OS X operating system. A new patch addresses vulnerabilities when launching documents and applications from a Web page.

The company recommended Security Update 2004-06-07 for both client and server versions of Mac OS X 10.3 (Panther) and Mac OS X 10.2 (Jaguar).

The update specifically fixes two security issues mentioned by the Common Vulnerabilities and Exposures list—which is funded by the U.S. Department of Homeland Security—and beefs up protection against remote disk access. The update also returns some Telnet functionality lost in a previous security patch.

With the security update, Apple Computer Inc. made significant changes to the system service that opens applications. OS X's LaunchServices component now launches only the applications that have been granted explicit permission by the owner.

When the system launches an application for the first time, the user will be presented with a new dialog box, which provides information on its location, such as the Download folder. Users must then click the box's Open button to launch the application.

Thereafter, the application is considered "trusted," according to the company. Apple's system applications, such as the Safari browser and other bundled applications that come with the package, are already considered "trusted," the company said in a technical note.

For insights on Apple and Macintosh coverage around the Web, check out Matthew Rothenberg's Weblog.

In addition, the patch released Monday buttons down Apple's Safari and Terminal programs.



Apple offered no comment on the release of the security patch other than to reiterate a statement that the company is working quickly to address potential threats as it learns of them.

Philip Schiller, Apple's senior vice president of worldwide product marketing, said last month, "While no operating system can be completely immune from all security issues, Mac OS X's Unix-based architecture has so far turned out to be much better than most."

The Monday patch follows a difficult month on the security front for the Cupertino, Calif., company. The company released several security patches and a security-focused system update in the month.

It also took some heat from Internet security researchers over vulnerabilities in OS X.

http://www.eweek.com/article2/0,1759,1608221,00.asp?kc=ewnws060804dtx1k0100599