The Cult of the Cool Mac: Made with 100% USDA real meat!

This week Apple released Security Update 2004-06-07. Among other things, it patches the operating system to alert users to potentially malicious code and prevent it from executing. This effectively ends the recent OS X security "crisis" (where "crisis" is in quotes because there has never been a malicious exploit for the security hole).

The patch works almost exactly the same way as Unsanity's Paranoid Android Preference Panel. When a program first tries to register a URL scheme, a system alert pops up and asks the user to okay or reject the request.

Some users may find that the Unsanity test-code still works on their computers. The issue arises because the Security Update only intercepts requests from new programs. If you have previously run Unsanity's tests then running them again won't trigger the alert. While this should prove to be a harmless hole, a tip on the Mac OS X Hints website details how to rebuild the LaunchServices database to make it seem that the Unsanity test has never been run before.

In addition to the new alert, the Security Update makes some other notable changes relating to previous security alerts. Safari's "Show in Finder" button now merely displays the location of a downloaded file instead of opening it. The update also removes the disk:// protocol from the system and alters the way that the system deals with telnet requests.

The Security Update is available via the Software Update control panel or from Apple's Security Web site.