Researcher: Apple Missed Bugs In Newest Update

A security research who last week said bugs he'd disclosed in April had been fixed by Apple Computer Inc.'s latest security update now claims that several continue to pose risks to Macintosh users.

Tom Ferris, who three weeks ago publicized several zero-day vulnerabilities in Mac OS X and its bundled Safari browser, said on his Security Protocols Web site that Apple missed some bugs.

"Apple['s] security update 2006-003 did not fix all of the issues I had reported to them," wrote Ferris. "All of the Safari flaws within the 'Apple OS X Safari 2.0.3 Multiple Vulnerabilities' advisory are still unpatched."

Ferris also claimed that the main problem noted in another advisory had not been repaired. "Security Update 2006-003 does prevent the crash when opening the original proof-of-concept file. But after slightly modifying that file, I was able to trigger the same issue with the latest security update installed."

Apple rolled out its 2006-003 security update Thursday, fixing 31 flaws in Mac OS X and another dozen in the QuickTime multimedia player.