Security firm Secunia warned Apple Computer users this past weekend that they remain at risk to attack even if they apply a patch Apple published Friday to fill a security hole. "It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states. In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability.
According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability." The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems. The firm is advising Mac OS X users to uncheck the "open safe files after downloading" option and add a protocol helper application for disk and disks. It's best that Apple users don't visit untrusted Web sites or surf the Internet as privileged users, Secunia says.
News source: InformationWeek