What's really going on with this Mac OS X problem?
Permalinks to this entry: individual page or in monthly context. For more material from my journal, visit my home page or the archive.
As usual, TidBITS provides the best explanation of the Mac OS X security problem so far. If my little article doesn't explain things well enough, Matt Neuburg's piece probably does.
It seems to me—and has been pointed out by a number of others—that the fundamental problem with Apple's conjoining of various file-handler schemes in Mac OS X is that it treats untrusted content (from websites) the same as relatively trusted content (local files).
Now, it's true that you can't always trust things on your local hard drive or local network, especially if you don't know how they got there, but I think most people would agree that an arbitrary web URL is less trustworthy than a file you put on your Desktop.
What has impressed me is the rapid, continuous, and widely distributed effort in the Mac community to find ways to deal with the problem. Many people have done a lot of work in a short time to address it, and webloggers in particular have shared all their information freely, to help minimize any potential damage.
There has been some disagreement about the best solutions, but only a few days after the vulnerability became known, we also had several different and similarly effective ways to protect ourselves. That's good.
I hope Apple can quickly create additional patches to prevent any aspects of this vulnerability from being exploited. I think Mac OS X users are more likely to keep their systems up-to-date, using Software Update, than Windows users with Windows Update, so I hope the problem can be nipped in the bud before any serious exploits appear.