Yoo Hoo, New Article about the Security Patch - see below: Hmmm . I guess I could just rename my Mac HD: "MS.Net" and be safe. ;-D (That is a joke for those that get it)
Yours, Kay ...................... Secunia: Mac OS X Users Still At Risk May 24, 2004 Although Apple issued a patch late Friday afternoon, the security firm warns that users of the operating system still remain vulnerable to an "extremely critical" security flaw. By George V. Hulme Security firm Secunia warned Apple Computer users this past weekend that they remain at risk to attack even if they apply a patch Apple published Friday to fill a security hole. "It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states. In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability. According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability." The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems. The firm is advising Mac OS X users to uncheck the "open safe files after downloading" option and add a protocol helper application for disk and disks. It's best that Apple users don't visit untrusted Web sites or surf the Internet as privileged users, Secunia says. More information about the flaw and safety tips are available in Secunia's advisory. Last week, Apple refused to elaborate on the flaw, issuing a statement Friday following the publishing of the patch. "We take security very seriously at Apple and we are actively investigating this potential security issue. While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities." Apple wasn't immediately available for comment Monday. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2531 bytes Desc: not available Url : http://www.math.louisville.edu/pipermail/macgroup/attachments/20040524/cecc5f65/attachment.bin
