Researcher Tom Ferris: OS X Patch Doesn't Fix All Flaws

Independent researcher Tom Ferris noted last Thursday on his blog that Appleis latest Mac OS X security update fixes almost all of the flaws he noted in a report last month. As he said to an InfoWorld reporter, flaws still exist in Safari, QuickTime and iTunes, details of which he will release on his Web site if Apple doesnit respond to him.

He told The Mac Observer that he would give Apple "at least a week, no later than that" to respond to him. He said that he expects that to happen in the next few days, although he noted that their past responsiveness has varied.

"The intent is to let people know how to mitigate the issue until Apple fixes it," he explained. "Iim sure Iim not the only one who has found it, and it could be exploited in the wild until Apple fixes it."

In fact, Mr. Ferris has already found variants of the bugs that Apple fixed, and he plans to send them to the company as well. Those details will also be published if Apple doesnit respond in a timely manner.