posted by Thom Holwerda on Tue 7th Mar 2006 15:27 UTC
An Apple Computer patch released last week doesn't completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said. The update added a function called 'download validation' to the Safari Web browser, Apple Mail client and iChat instant messaging tool. "While Apple added a checkpoint to the downloading and execution process, they did not eliminate this vulnerability," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "If a user can be tricked into opening a file that looks like a picture, the user may actually be opening a malicious script."