Secunia: Mac OS X Users Still At Risk

Security firm Secunia warned Apple Computer users this past weekend that they remain at risk to attack even if they apply a patch Apple published Friday to fill a security hole.

"It is still possible to execute arbitrary code on a vulnerable user's system, just as easy as before Apple issued Friday's security update for Mac OS X," Secunia's security advisory states.

In an E-mail interview Monday, a Secunia spokesman said that the security firm hasn't been in contact with Apple to discuss the lingering security vulnerability.

According to Secunia's advisory, Apple's security update doesn't solve all the security problems related to the two flaws widely reported May 17. The firm says users remain vulnerable to a "disk URI vulnerability."

The disk URI vulnerability, Secunia says, makes it possible for attackers to establish malicious Web sites to surreptitiously place programs on users' systems.The firm is advising Mac OS X users to uncheck the "open safe files after downloading" option and add a protocol helper application for disk and disks. It's best that Apple users don't visit untrusted Web sites or surf the Internet as privileged users, Secunia says.

More information about the flaw and safety tips are available in Secunia's advisory.

Last week, Apple refused to elaborate on the flaw, issuing a statement Friday following the publishing of the patch. "We take security very seriously at Apple and we are actively investigating this potential security issue. While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities."

Apple wasn't immediately available for comment Monday.