Security firms detail critical issue, provide solution
Two Macintosh Internet security companies are reporting two related “critical” security issues for Macintosh Internet users. Conveniently, each is also supplying a solution.
According to Intego’s press release, “A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5.” Recommendation: “The best way to protect against this exploit is to run Intego VirusBarrier X5 with its virus definitions dated June 19, 2008.”
Relatedly, according to SecureMac: “SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5.” Recommendation: “run MacScan 2.5.2 (MacScan is a product of SecureMac) with the latest Spyware Definitions update (2008011), dated June 19th, 2008.”
Both companies also go on to state what is in fact the key form of protection: download files only from trusted sources and sites. As is almost always the case, these “vulnerabilities” can only be exploited through users being tricked into downloading and running things they shouldn’t.
It’s pretty clear there is a problem here: Apple has built its Apple Remote Desktop service in such a way that it can be exploited in ways that shouldn’t be possible (see the press releases for details). Hopefully Apple will fix that problem shortly. It’s also important that we all learn of these types of problems in a timely manner, which these companies have helped to make happen. What’s unclear is the extent to which these companies are also benefitting from the “problem,” and whether there’s any conflict of interest. Being a security company ourselves, we can definitely see both sides of this issue. It’s hard to know how much to say and when to say it (see for instance the Back to My Mac issue that we brought to light).
For now, the companies definitely deserve the benefit of the doubt. It’s good to have people out there watching out for us, as long as we watch those people closely enough to be sure that’s really what they’re doing.
Friday, June 20, 2008