Macworld UK reports claims by security researcher Tom Ferris that last Thursday's Security Update 2006-003 did not correct several "critical" security flaws in Safari, QuickTime, and iTunes that he reported to Apple in January 2006. The article says that Ferris considered publicly releasing the details of these flaws yesterday in his blog at security-protocols.com, but he has not done so as of today.
Since Apple does not identify its criteria or schedule for dealing with reported vulnerabilities, it is not clear whether serious known Mac OS X security issues remain uncorrected or when further security updates may be issued.
Debate continues over whether vulnerabilities should be disclosed to the public when they are first discovered, to warn users and to spur software vendors into action, or whether details should be kept private to give software vendors more time to study security flaws and take preventative measures before knowledge of the details becomes widespread.
This story is on Page 2 because these security issues have not been confirmed by another source.