You are here: silicon.com > Software > Security Strategy

Security Strategy

Apple fixes four flaws

Plugs holes in OS X and iChat...

Tags: flaws, patch, apple

By Tom Krazit

Published: 16 February 2007 08:15 GMT

Apple has issued four security updates to fix flaws in Mac OS X and iChat identified by the Month of Apple Bugs project.

Two of the flaws could allow an attacker to execute code on an unpatched system, Apple said. Patches are now available on Apple's website or through the Software Update selection under the Apple menu on a Mac.

Apple noted that proof-of-concepts for the flaws were posted on the Month of Apple Bugs website. But it doesn't appear that attack code has surfaced using the concepts outlined by the project. Apple has fixed several flaws identified during the course of January by the project but some remain open.

The two flaws that could lead to arbitrary code execution are found in Finder and iChat. There's a buffer overflow flaw in Finder which could allow an attacker to take control of a system by "enticing a user into mounting a malicious disk image", or tricking someone into enabling local access of a file supposedly stored on a remote server. Apple credited Kevin Finisterre, one of the participants in the Month of Apple Bugs project, for reporting the issue, something it did not do on the three other flaws patched at the same time.

The other patch, for iChat, fixes an issue in which a user could click on a malicious URL in a chat session and trigger an overflow, possibly opening the system to an attacker.

Two patches concern flaws that require a malicious local user. This includes another iChat flaw that could cause the application to crash as well as a fix for a UserNotification flaw that could allow system files to be overwritten.

Tom Krazit writes for CNET News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Technical Support Analyst / 1st and 2nd line Support Engineer Windows, Networks - REF: 2090

Apple Mac O/S experience would be an advantage. The ability to communicate technical concepts clearly with non-technical customers. For more ...

Apple MAC Support- Immediate Start- Contract

I am currently looking for an Apple Mac support engineer for my large Media Client. Technically you will need to be proficient and have ...

Software Support Specialist - London - Perm

The successful candidate will be responsible for providing technical support for trading applications, as well as performing certification of ...

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.





Quick Sitemap Links: