Apple has issued a security update that addresses the vulnerabilities in Mac OS X highlighted by security firm Secunia on
A security patch, said to guard against the vulnerabilities in the way the Mac browser handles Uniform Resource Identifiers (URI) was originally issued on May 21, but did not offer a complete solution to the flaws, which leave Macs open to compromise by malicious Web sites.
According to Apple senior vice president of worldwide product marketing Phil Schiller, the new security update 2004-06-07 fixes all of the risks. Apple urges all users of Mac OS X to download the update which is available via software update or via Apple's security Web site.
Schiller told MacCentral "We all have to be concerned about cyber-security and threats in general in the industry, but if Mac users just keep their software updates running, they shouldn't have much to be concerned about. We have consistently put out updates and security fixes for things while they are still in the realm of potential risks, not actual risks."
Following a series of security issues, Apple was criticised for downplaying the risk to its users, and for not communicating the necessarily of the updates to its customers.
Schiller said Apple would accept criticism on communicating with its customers and improve the language in the updates beginning with this update. Apple is also placing the URL for its security Web site in related software updates to make people more aware of resources that are – and have been for some time – available to them.
"Some people beat us up saying we weren't providing enough information – we actually were, they just didn't know about some of the avenues that we provide that on, like the support site," said Schiller.
Schiller also responded to criticism that Apple had downplayed security issues saying: "Any criticism that we don't take security seriously is just misplaced."
The update, which is detailed on Apple's Web site, includes the following components: DiskImages; LaunchServices; Safari; and Terminal.
As part of Apple's improved communication, Mac OS X will now present an approval alert when an application is to be run for the first time either by opening a document or clicking on a URL related to the application.
Schiller added: "We are all happy that, to date, we have a very secure product and we've addressed issues very quickly. There is always the potential for threat or malicious attacks, but we've hopefully done a good job for everybody such that they can be aware, but not concerned."