security update 7th June 2004

Immediately following Security Update 2004-05-24 and the recent 10.3.4 Panther upgrade, Apple have released another update, Security Update 2004-06-07. This version continues fixes related to the flurry of security problems found relating to URL handlers last month, with the following fixes:

  • Launch Services - Restricts custom URL handlers to only applications that have already explicitly been run, avoiding the possibility of an automatic insertion of a new URL handler at attack time.
  • disk:// handlers have been removed from the system
  • "Show in finder" in Safari now works correctly, and will not open/execute downloads
  • telnet:// handlers now work correctly. Specifying an alternate port number was disabled when Security Update 2004-05-24 fixed other telnet:// problems.

A separate version for Jaguar users is available Security Update 2004-06-07 for Jaguar, or run Software Update.

> More information

(Based on AppleTalkAU, used with permission.)

Posted by Antony at June 7, 2004 8:57 PM

>> more MacCentre701 June 2004 reports.