Apple Plugs Four Security Holes

Apple has made four new security updates available on its website and through the Software Update selection under the Apple menu on a Mac. The flaws in Mac OS X and iChat were identified by the Month of Apple Bugs project, which also included proof-of-concepts for the flaws, although attack code doesn't appear to have surfaced. Apple has fixed several flaws identified during the course of January by the project, but some remain open.

Two of the flaws, found in Finder and iChat, could allow an attacker to execute code on an unpatched system, Apple said. There's a buffer overflow flaw in Finder that could allow an attacker to take control of a system by "enticing a user into mounting a malicious disk image," or tricking someone into enabling local access of a file supposedly stored on a remote server. The iChat patch fixes an issue in which a user could click on a malicious URL in a chat session and trigger an overflow, possibly opening the system to an attacker. The two other patches concern flaws that require a malicious local user. The first is in iChat again and could cause the application to crash, while the second is for a UserNotification flaw that could allow system files to be overwritten.

News source: News.com


7 Comments


So, these are 4 out of the 30 some they posted about in MOAB for January. Hey with luck though, maybe they'll fix the others before the year ends.

Remember also that some were flaws in products such as "VLC", which isn't an Apple product at all. Apple cannot patch a flaw in optional 3rd party software. It was listed as an Apple MoB because it can run on the Apple platform.

As for the fixes, as I say when Microsoft or Linux issues patches and updates: "good"

Haha, curiously, the Month of Apple bugs didn't make the frontpage many times about the bugs found. Now it makes the frontpage because bugs are fixed :)

Owned.

Edited : Cleared up the confusion.