Apple on Monday issued a security update for Mac OS X addressing a number of issues found in the operating system. Security Update 2004-06-07 fixes all of the potential risks reported by security firms over the past few weeks, according to Phil Schiller, Apple’s senior vice president of Worldwide Product Marketing.
“We all have to be concerned about cyber-security and threats in general in the industry, but if Mac users just keep their software updates running, they shouldn’t have much to be concerned about,” Schiller told MacCentral. “We have consistently put out updates and security fixes for things while they are still in the realm of potential risks, not actual risks.”
While Apple has been quick to update Mac OS X, they have been criticized by security firm Secunia for downplaying the risk for its users and not communicating clearly with its customers when issuing updates.
“Microsoft and most Linux distributions have learned the lesson and properly describe the nature and the impact of (most) vulnerabilities, allowing their customers to properly estimate the severity of a fixed issue. This is not possible when reading an Apple update,” Secunia said in an email to MacCentral late last month.
Schiller said Apple would accept criticism on communicating with its customers and improve the language in the updates beginning with the one issued today. Apple is also placing the URL for its security Web site in related software updates to make people more aware of resources that are — and have been for some time — available to them.
“Some people beat us up saying we weren’t providing enough information — we actually were, they just didn’t know about some of the avenues that we provide that on, like the support site,” said Schiller.
Apple also took issue with the fact that they downplayed security issues found in Mac OS X. “Any criticism that we don’t take security seriously is just misplaced,” said Schiller.
The update includes the following components: DiskImages; LaunchServices; Safari; and Terminal.
According to notes provided with the update, Mac OS X will now present an approval alert when an application is to be run for the first time either by opening a document or clicking on a URL related to the application.
The update is available via the Software Update control panel or via Apple’s Security Web site.
“We are all happy that, to date, we have a very secure product and we’ve addressed issues very quickly,” said Schiller. “There is always the potential for threat or malicious attacks, but we’ve hopefully done a good job for everybody such that they can be aware, but not concerned.”