Apple has been criticized for not adequately labelling the seriousness of the security flaws in its operating system, following the release of four security updates on Monday.
@Stake vice president of research and development Chris Wysopal told Cnet: "They are not characterizing the issue so that people can make a security decision about it. It seems they think that everyone will update their computers all the time, and that is not the way the world works."
His comments followed Apple's admission of five vulnerabilities in the Mac OS X operating system, which are fixed by installing the security updates. According to Cnet, one of these vulnerabilities is a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take control of the system – but Apple, in its advisory, claims the correction "improves the handling of long passwords."
Cnet claims most security companies would classify such a remotely exploitable software flaw as a "critical" vulnerability.
eEye Digital Security, the company that found a flaw in Apple's QuickTime back in February, also criticised Apple for not properly characterizing vulnerabilities. According to Apple: "Playing a malformed .mov (movie) file could cause QuickTime to terminate." However, eEye said a movie file could potentially be created that would cause malicious code to execute when the user opened the file.