Apple patches 'critical' OS X flaw
Company executives call the vulnerability its first critical security issue since Mac OS X was released three years ago.
A combination of holes disclosed by security researchers last month could have allowed an attacker to take over a vulnerable Macintosh, though no such exploits have been reported. Apple issued a partial fix last month, but security researchers had said that the Mac remained open to attack.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
Apple executives had earlier pledged to release a more complete patch, calling the flaw the first critical security issue since Mac OS X was released three years ago.
Apple said that creating the alert dialog box was the best way to prevent a malicious attack, while still preserving a popular feature of the operating system--the ability to open one program via a link from within another program. That feature allows one to send an e-mail directly through a link in a Web page, for instance.
"We believe we found a very good simple change in a core service that prevents these unwanted risks," Apple senior vice president Phil Schiller said on Monday. "This update, to the best of our knowledge, should close off the critical risk."
The
Apple is still investigating whether the flaw exists in earlier versions of the Mac OS, and Schiller said it is "too soon to tell" whether Apple will fix it in other versions.