This week’s security vulnerability is real, and cuts to the core of Mac OS X. Read on for Adam’s look at the problem and how to protect yourself, along with Matt Neuburg’s explanation of how it happened. Joe Kissell then explains Apple Mail’s spam filter with an excerpt from his new "Take Control of Spam with Apple Mail" ebook, and Adam introduces Envision, a program that turns a Mac into an Internet picture frame. In the news, we cover a minor Apple reorg and the releases of Office 2004 and SubEthaEdit 2.0. Lastly, no issue next week!
No TidBITS Issue 31-May-04 -- After this week's extra-long TidBITS issue, we're taking a week off for the U.S. Memorial Day holiday, which coincides with Managing Editor Jeff Carlson's birthday celebrations and the days I'll be spending at the MacDesign conference
Microsoft Office 2004 Ships -- Microsoft has officially released Office 2004 for Mac OS X, a significant revision to the near-ubiquitous suite of productivity tools
SubEthaEdit 2.0 Refines Collaboration -- The Coding Monkeys have released version 2.0 of SubEthaEdit, their unique real-time collaborative text editor
Apple Creates New iPod Division -- Highlighting the importance of its digital music player to Apple's bottom line, the company has formed a separate iPod division headed up by Vice President Jon Rubinstein, who previously ran Apple's hardware engineering
Like most people who use Apple Mail, I had high hopes that its improved Junk Mail filter, a much-touted benefit of upgrading to Panther, would live up to Apple's hype
A year or so ago, I realized that LCD monitors were coming down in price sufficiently that it would be feasible to mount one on a wall and use it to display photos and other digital art
It's not a Trojan horse, but a recently revealed security vulnerability does appear to be a very real concern. The exploit relies on unsafe actions that Apple allows for certain URL schemes (a scheme is the http, ftp, or mailto bit at the beginning of a URL) and makes it possible for malicious code to be delivered and executed silently, without the user realizing anything has happened.
The problem was initially thought to revolve around only two of these URL schemes: disk and help
Exactly what is it about Mac OS X that is responsible for the security vulnerability currently being discussed? The situation is a little confusing, and I may be muddling some of the details, but here's my current understanding of the situation.
As you know, when you double-click a document in the Finder, the application that "owns" that document starts up and opens the document
The second URL below each thread description points to the discussion on our Web Crossing server, which will be much faster, though it doesn't yet use our preferred design.
Mac Browser Security Hole -- Readers discuss the reality of the recently reported Mac OS X security hole and what should be done about it