16
February
2007
|
04:46 AM
America/Los_Angeles

2.16.07: Apple patches critical bugs

Apple released four patches for "highly critical" security holes in MacOS X and iChat, eWeek reports.

One of the OS X bugs could allow for malicious remote code execution. A buffer overflow bug in the Finder's handling of volume names could allow an attacker to use a disk image to gain control of a Mac.


Of the two problems Apple moved to fix in iChat, one could lead to code execution on unprotected machines, according to the company. Apple highlighted a format string vulnerability in the iChat AIM URL handler that could be triggered using a specially crafted URL and may lead the program to crash or become infected. The problem is specifically present in copies of iChat included in the version 10.3.9 and 10.4.8 releases of Mac OS X and Mac OS X Server, Apple reported.

A second iChat issue, found in the same versions of the OS X desktop and server software, could allow attackers on the same local network as someone using the products to crash the messaging application. The problem is related to a null pointer dereference in iChat's Bonjour message handling, company officials said.