[ISN] Apple Patches Security Hole in Mac OS X

From: InfoSec News (isn@private)
Date: Mon May 24 2004 - 00:21:20 PDT

  • Next message: InfoSec News: "[ISN] Media missing at Los Alamos"

    http://www.eweek.com/article2/0,1759,1598258,00.asp
    
    By Ian Betteridge 
    May 23, 2004   
     
    Apple has released an update to Mac OS X patching a security hole 
    that potentially allowed malicious code to be run via a Web page. 
    
    The hole, which was rated as "extremely critical" by security company 
    Secunia, allowed an attacker to potentially execute any Unix command, 
    including ones to erase the user's home directory. 
    
    The company took the unusual step of issuing a statement announcing 
    the fix, in contrast to its previous policy of refusing all comment on 
    security issues. 
    
    "Apple takes security very seriously and works quickly to address 
    potential threats as we learn of them—in this case, before there was 
    any actual risk to our customers," said Philip Schiller, Apple 
    Computer Inc.'s senior vice president of worldwide product marketing. 
    
    But according to some users, the company was notified of the problem 
    in February and has yet to respond to the original notification. 
    
    The fix is available via the Mac OS X Software Update System 
    Preference, or it can be downloaded from Apple's Web site. 
    
     
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon May 24 2004 - 04:45:34 PDT