Apple issued a patch for the “help” flaw on Friday, but the fix leaves the “disk” problem unpatched, experts said. “Mac users are as vulnerable now, as before the patch was released,” Niels Henrik Rasmussen, chief executive of security firm Secunia told us. Secunia and other security bodies, including the U.S. government, classified the bugs as serious because the problems are easy to exploit and working exploits are available.
Once a disk image containing malicious code is downloaded the code can be executed via other networking protocols, such as FTP and AFP, according to Secunia. A temporary fix is to modify the Mac’s Internet preferences, turning off the option to open “safe” files after downloading and adding a helper application for the “disk” and “disks” protocols, the company said in its advisory.
Read more at InfoWorld.