Apple posts Security Update 2004-05-24 for Mac OS X 10.3.3, 10.2.8

Apple today posted a Mac OS X update to address a theoretical vulnerability in the Help Viewer application that could have been exposed when browsing the web. The update is available automatically to all users through Apple’s free Software Update service or by going to http://www.apple.com/support/downloads/.

“Apple takes security very seriously and works quickly to address potential threats as we learn of them - in this case, before there was any actual risk to our customers,” said Philip Schiller, Apple’s senior vice president of Worldwide Product Marketing, in the press release. “While no operating system can be completely immune from all security issues, Mac OS X’s UNIX-based architecture has so far turned out to be much better than most.”

To maintain maximum system security and stability, Apple always advises that all Mac OS X users keep their systems current by installing this and all Mac OS X software updates.

Security Update 2004-05-24 for Mac OS X 10.3.3 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes HelpViewer. Security Update 2004-05-24 for Mac OS X 10.2.8 includes HelpViewer and Terminal.

Security Update 2004-05-24 for Mac OS X 10.3.3 is available via Software Update. More information and download link (271KB) here.

Security Update 2004-05-24 for Mac OS X 10.2.8 is available via Software Update. More information and download link (335KB) here.

25 Comments

  1. Alright! Good Job Apple. I am just a bit worried because supposedly the flaw was reported at the end of February I believe. Lack of action or reply is why the discoverer put it up on the web. It may have not been sent to the correct email address however. Apple should put a “security” link on the top of their entry page. They could explain in detail how much safer OS X is than Windows and why (good promo) AND provide the correct link to report security flaws if they are found.

  2. Whether “That was fast” or not depends on whether it took 3 months to build the patch or if it took a few days to build once the vulnerability was publicized.

    Microsoft has a similar vulnerability. Anyone know the status of their patch or even if it exists yet? If they don’t, then you can talk about relative quickness in comparison to M$.

  3. OH NOOOO, now we are back where Windows trolls can come up and brag they can run more software than OS X. Now all those cute Trojans cannot run anymore. Apple is doomed: less and less can run on this platform of the ever-expanding user provided sw that runs on Windows.

  4. Sorry to break more bad news, there is ANOTHER Exploit.

    A mounted image with a nasty script can be run from a web page link.

    Since we have no control if a web site decides to download a dmg or ftp image, if it contains a nasty and appears quickly and behind a window for instance.

    Then clicking a disguised web page link will run the nasty script.

    Web page links shouldn’t be launching scripts, with this new exploit apparently they can.

    Shoot me I’m just the messenger.

  5. Kool: tried. Does nothing. The link they provide as *proof* apparently proves me that Apple fixed it. The malware did not start: the link simply downloaded the dmg, period. Nothing of what they described should happen has happened.

    Apple 7 – Malware 0

    Touch down!

  6. I too had no problems with the above link. In fact, since I’m running “Little Snitch”, I had a dialog pop up telling me the application “diskimages-helper” wanted to connect through port 80. I allowed it to connect since I wanted to see what happened. It downloaded the disk image, mounted, and nothing else happened. Looks like “Little Snitch” was my first line of defense, and Apple already got the problem fixed anyway.

  7. valx, your post made my day: I modified the firewall to not allow port 80 access: the malware exploit has been blocked: I now have as a message that malwareosxdisk.dmg was not reachable by clicking on the unsanity link.

    Apple 14 – Malware 7

    Touch down!

  8. I tried it. The Disk image did download and mount but nothing else happened. I am not running little snitch or anything else. Just did the security update. If I clicked on the malware, what they said would happen did but if I did not then nothing. Sooooo I guess we are back to only downloading applications from trusted sources. Dunno what apple did but it seems to work.

  9. I applied the security update and tried the exploit link. Dmg downloaded and launched…So, I rebooted to ensure the security update had “taken”. Tried the link again and same result; dmg downloaded, launched and wrote the txt file to my home directory…disappointing. Perhaps there’s something else I should be doing? Well, besides being smart and not clicking links from trusted sources, that is…
