Apple posts Security Update 06-07-2004
Apple posts Security Update 06-07-2004
[Originally posted June 7th, 2004]
Apple has released Security Update 06-07-2004, which increases security when automatically opening an application for the first time. This new scheme prevents unauthorized or unintended applications from launching, eliminating a threat posed by URI handlers that could potentially run malicious code on a unsuspecting system.
Documentation accompanying the new release states " When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used. If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by Security Update 2004-06-07 will alert you if an application that is being automatically opened has not previously been opened, either manually or by consent to this warning dialog: 'The document you are opening will open the application "ProgramName" for the first time. Are you sure you want to open this application?"
The dialog box also tells the user where the application in question is being launched from, and instructs the user to cancel the launch if they were not expecting it.
Apple's documentation continues:
"Once an application has been opened, this message will not appear again for that particular application.
"Applications included with your computer are considered "trusted" and will not trigger the warning panel."
These security refinements should make the Paranoid Android haxie (which provided a similar method of protection from unfamiliar applications) and workarounds that make use of RCDefault unnecessary.
Security Update 06-07-2004 is available in both Mac OS X 10.3.x and Mac OS X 10.2.x versions, available via Software Update or as standalone downloads:
- Mac OS X 10.3.x [900k]
- Mac OS X 10.2.x [900k]
Resources