Dec 8 2004
MacCentral has posted a little article from NetSec, claiming that the recent “web hole” in OS X has yet to be fixed. According to NetSec, this vulnerability “could allow attackers to exploit URLs to gain access to back-end data structures and carry out website defacement or information theft.” Apple has responded to the vulnerability by patching Apache in Security Update 2004-12-02. According to NetSec, however, this isn’t good enough. Other applications, like WebStar, are still vulnerable. What NetSec doesn’t realize is that this is not Apple’s problem anymore. Apple only supports the default installation of OS X, which includes Apache. Beyond that, the third-party applications are left to themselves. This is similar to the incident in which a massive vulnerability affected all web browsers. Yes, Apple fixed Safari, but they did not have to issue a fix for FireFox, because Apple does not support third-party applications. Sorry, NetSec, it looks like you’ll have to wait for WebStar to pull itself out of the hole this time.