Apple Computer Inc. issued an update on Friday to fix a reported security hole in its Safari Web browser. The vulnerability, which was classified as “Extremely Critical” by security firm Secunia, allowed the execution of malicious code on the user’s computer.
“Apple takes security very seriously and works quickly to address potential threats as we learn of them — in this case, before there was any actual risk to our customers,” said Philip Schiller, Apple’s senior vice president of Worldwide Product Marketing, in a statement. “While no operating system can be completely immune from all security issues, Mac OS X’s UNIX-based architecture has so far turned out to be much better than most.”
The vulnerability, which has been confirmed using Safari 1.2.1 (v125.1) and Internet Explorer 5.2, made it “possible to place arbitrary files in a known location, including script files, on a user’s system if the Safari browser has been configured to (‘Open “safe” files after download’) (default behavior) by asking a user to download a ‘.dmg’ (disk image) file,” according to Secunia’s advisory.
While acknowledging the vulnerability, industry security analysts felt that people would not be at high risk because exploit writers typically focus on writing such code for higher-profile Windows-based computers.
“It seems to be that people just don’t write exploits for the Mac because they’re not as popular and they [the exploit writers] don’t get much bang for the buck,” Bruce Schneier, CTO of Counterpane Internet Security Inc., told MacCentral. “Historically these aren’t that big of a deal, but that could change.”
Security Update 2004-05-24 version 1.0 is available via the Software Update control panel.