Apple releases complete patch for OS X flaw

Apple has released a security patch that fixes what the company called the first 'critical' Mac OS X flaw.

A combination of holes disclosed by security researchers last month could have allowed an attacker to take over a vulnerable Macintosh, though no such exploits have been reported. Apple issued a partial fix last month, but security researchers had said that the Mac remained open to attack.

Apple executives had earlier pledged to release a more complete patch, calling the flaw the first critical security issue since Mac OS X was released three years ago.

Apple said that creating the alert dialog box was the best way to prevent a malicious attack, while still preserving a popular feature of the operating system - the ability to open one program via a link from within another program. That feature allows one to send an email directly through a link in a web page, for instance.

"We believe we found a very good simple change in a core service that prevents these unwanted risks," Apple senior vice president Phil Schiller said. "This update, to the best of our knowledge, should close off the critical risk."

The patch, which was made available via Mac OS X's Software Update, attempts to prevent such problems by warning users when a program is being launched via the internet that has not previously been run on the system. Apple also took other steps in Mac OS X and the Safari web browser to try to keep unintended applications or files from being opened.

Apple said the update is being made available for those running version 10.3.4 of Mac OS X Panther and version 10.2.8 of Mac OS X Jaguar, as well as the corresponding server versions.

Apple is still investigating whether the flaw exists in earlier versions of the Mac OS, and Schiller said it is "too soon to tell" whether Apple will fix it in other versions.

Ina Fried writes for CNET News.com