|Home » Industry Watch
Apple Security Update
The 7 June Apple Security Update increases security when automatically opening an application for the first time - a vulnerability first discovered by 'lixlpixel' in Munich. Several solutions for the hole spread around the Internet, and a fortnight after the hole became known Apple issued a fix. Note that this was not so much a programming bug as a conceptual flaw - and Apple seem to have effectively plugged the hole. Which, given the short time, is very impressive. Kudos.
An application may be automatically opened two ways: either by opening a document that is associated with the application or by clicking a link (URL) in a webpage or document.
When you open an application manually, you are making an explicit choice to do so. But when you open a document, it may not be clear which application will be used.
If you click an untrustworthy link, it may try to automatically open a downloaded application designed to cause harm to the system. The feature provided by this update alerts you if an application that is automatically opening hasn't already been opened, either manually or by consent to the warning dialog.
This effectively closes the 'protocol hole' - and conceptually as well. Read more at the following URLs.