Apple Posts Another Security Update For Mac OS X

Apple on Monday posted another security patch for its Mac OS X 10.2.8 and 10.3.4 operating systems to fix a vulnerability when opening documents and launching applications from a Web page.

Security vendor Secunia dubbed the vulnerability "extremely critical" in an updated advisory posted on its Web site. The vulnerability could compromise Mac OS X-based machines whose users are enticed to malicious Web sites.

Security Update 2004-06-07, said Apple, should be installed by users of both client and server systems running either Jaguar (10.2.8) or Panther (10.3.4).

Although Apple released an earlier fix last month, security experts took the company to task for not completely closing the vulnerability.

The update changes the way that the Mac OS launches helper applications when users click on specific Web links, including those that mount disk images to the desktop or allow users to send e-mail messages from a link in a Web page. With the update in place, users face an alert box the first time a program is run from a Web page or when an attempt to mount a disk image is made. The user can decline or approve the action from the alert dialog.The patch can be downloaded via Apple's Software Update service. More information on the fix can be found on Apple's Web site.