Mac OS X patch faces scrutiny
An Apple Computer patch released last week doesn’t completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said.
The Mac maker released a security update for its operating system on Wednesday to plug 20 holes. The patch arrived after two weeks of intense scrutiny of the safety of OS X, prompted by the discovery of two worms, and the disclosure of a vulnerability that was deemed “extremely critical” by security monitoring company Secunia.
The update added a function called “download validation” to the Safari Web browser, Apple Mail client and iChat instant messaging tool. The function warns people that a download could be malicious when they click on the link. Before that change, clicking on a link could have resulted in the automatic execution of code on a Mac.
But Apple failed to address a key part of the problem, the fix should be at a lower, operating system level, experts said. It is now still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application, they said.
Full story: ZDNet Australia