Despite the release of a security patch by Apple Computer Inc. on Friday, and following Tuesday reports of further unplugged vulnerabilities in the company’s Mac OS X operating system, users and developers appeared to take the warnings in stride. According to a security advisory updated Tuesday by Copenhagen-based security vendor Secunia Ltd., although the patch released by Apple on Friday prevents Web pages from calling the “help:” uniform resource identifier, it remains possible to remotely mount disk images without a user’s permission. By registering and executing an arbitrary URI handler, hackers could run code placed on the disk image. Secunia said it is possible to use this exploit with volumes mounted via the “disk:” URI handler, or via AFP (Apple File Protocol), FTP, or SMB protocols. Secunia rates this vulnerability as “extremely critical.” Although Apple has yet to make any public pronouncement about the newly discovered vulnerabilities, it took the unusual step of issuing a press release after it released its last patch.