[ISN] Apple Patches Security Hole in Mac OS X
InfoSec News
isn at c4i.org
Mon May 24 03:21:20 EDT 2004
http://www.eweek.com/article2/0,1759,1598258,00.asp
By Ian Betteridge
May 23, 2004
Apple has released an update to Mac OS X patching a security hole
that potentially allowed malicious code to be run via a Web page.
The hole, which was rated as "extremely critical" by security company
Secunia, allowed an attacker to potentially execute any Unix command,
including ones to erase the user's home directory.
The company took the unusual step of issuing a statement announcing
the fix, in contrast to its previous policy of refusing all comment on
security issues.
"Apple takes security very seriously and works quickly to address
potential threats as we learn of them—in this case, before there was
any actual risk to our customers," said Philip Schiller, Apple
Computer Inc.'s senior vice president of worldwide product marketing.
But according to some users, the company was notified of the problem
in February and has yet to respond to the original notification.
The fix is available via the Mac OS X Software Update System
Preference, or it can be downloaded from Apple's Web site.
More information about the ISN
mailing list