"It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states.
In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability.
According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability."
The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems.