Apple security update patches iChat, disk image flaws

Posted in macOS, edited January 2014
Apple Inc. on Thursday issued a security update that stomps out four critical flaws within its Mac OS X operating system, all of which were first revealed last month as part of the "Month of Apple Bugs" project run by independent security analysts.



Specifically, the Cupertino-based company tackled two glitches affecting its iChat video conferencing software.



The first fix targets a vulnerability that left iChat's Bonjour wireless discovery open to an attack that could result in an application crash. Meanwhile, the second patches a format string vulnerability in the software's URL handler that could have allowed attackers to trigger an overflow, which could then lead to an application crash or arbitrary code execution.



Apple said it addressed the issues by performing additional validation of both Bonjour messages and AIM URLs.
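The kind of validation described above for a URL handler, as an added C example (not Apple's code): the function names and the "Message:" text are hypothetical. It goes one step beyond the article by percent-decoding the value first, since a check on the raw URL would not see a `%25n` that decodes to `%n`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Strictly percent-decode `in` into `out`. Returns 0 on success, or -1 on a
 * malformed escape, a decoded control byte, or output that does not fit. */
int url_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    while (*in) {
        int c = (unsigned char)*in++;
        if (c == '%') {
            int hi = hexval((unsigned char)in[0]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)in[1]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            in += 2;
        }
        if (c < 0x20 || c == 0x7f) return -1;  /* NUL and control bytes */
        if (o + 1 >= outlen) return -1;        /* leave room for '\0' */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Vulnerable pattern, shown only as a comment:
 *     snprintf(out, outlen, decoded);   // remote text used as the format
 * Hardened form: remote text is only ever an argument to a fixed format. */
int render_status(const char *url_value, char *out, size_t outlen)
{
    char decoded[256];
    if (url_decode(url_value, decoded, sizeof decoded) != 0) return -1;
    int n = snprintf(out, outlen, "Message: %s", decoded);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;  /* -1 if truncated */
}
```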



The Mac maker also bandaged a memory corruption vulnerability in the Mac OS X Finder that could be triggered by a disk image containing a volume name longer than 255 bytes. The issue, which could lead to an exploitable denial of service condition and potential arbitrary code execution, was repaired through additional validation checks, the company said.



Of all the bugs targeted by the Apple security update, one that was capable of using the Mac OS X notification process to hijack root access may have posed the greatest danger to users. Apple said the issue was repaired by making the UserNotificationCenter software process drop its group privileges immediately after launching.
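A sketch of what dropping group privileges immediately after launch looks like for a set-group-ID program, as an added C example (not Apple's code): `drop_group_privileges` is a hypothetical name, and the example assumes a POSIX system where `setregid` also resets the saved group ID.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up an elevated effective group ID. Call this first in
 * main(), before reading arguments, environment or any other input.
 * Returns 0 on success, -1 if the drop could not be confirmed. */
int drop_group_privileges(void)
{
    gid_t rgid = getgid();       /* group of the invoking user */
    gid_t old_egid = getegid();  /* group granted by the setgid bit, if any */

    /* Setting the real gid also resets the saved gid, so the old effective
     * group cannot be restored later. A root daemon would additionally
     * need setgroups() and a uid drop, which are out of scope here. */
    if (setregid(rgid, rgid) != 0)
        return -1;

    /* Verify rather than assume: for a non-root process, trying to take
     * the old effective gid back must now fail. */
    if (geteuid() != 0 && old_egid != rgid && setegid(old_egid) == 0)
        return -1;

    return (getgid() == rgid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    if (drop_group_privileges() != 0) {
        fprintf(stderr, "could not drop group privileges, exiting\n");
        return EXIT_FAILURE;     /* fail closed: never continue privileged */
    }
    /* ... untrusted input is handled only after this point ... */
    return EXIT_SUCCESS;
}
```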



All four fixes are available as part of Security Update 2007-002, which was made available for Intel-based Macs running Mac OS X 10.4.8 [6.6MB], PowerPC-based Macs running Mac OS X 10.4.8 Client or Server [3.8MB], and Macs running Mac OS X 10.3.9 [1.4MB].

Comments

  • Reply 1 of 18
    wilco Posts: 985 member
    It's about time!
  • Reply 2 of 18
    emig647 Posts: 2,455 member
    I really don't feel it took THAT long. 2 weeks is pretty quick IMO to figure out how to fix it, develop it, test it, release it.
  • Reply 3 of 18
    Quote:
    Originally Posted by AppleInsider View Post


    Apple Inc. on Thursday issued a security update that stomps out four critical flaws within its Mac OS X operating system, all of which were first revealed last month as part of the "Month of Apple Bugs" project run by independent security analysts.




    I can't believe it! No... can't be!

    Only Windows OS has security flaws... OSX is built on UNIX and is perfectly secure... what a bunch of bull!
  • Reply 4 of 18
    lundy Posts: 4,466 member
    Who said that Mac OS X was "perfectly" secure? Do you have a quote for that?
  • Reply 5 of 18
    emig647 Posts: 2,455 member
    Quote:
    Originally Posted by lundy View Post


    Who said that Mac OS X was "perfectly" secure? Do you have a quote for that?



    God did. ... Come on that's funny. I love it when people tell me "God told them".
  • Reply 6 of 18
    MacPro Posts: 19,822 member
    Quote:
    Originally Posted by skatman View Post


    I can't believe it! No... can't be!

    Only Windows OS has security flaws... OSX is built on UNIX and is perfectly secure... what a bunch of bull!



    Don't be a jerk. OS X is a damn secure system and Apple do a great job at fixing the few cracks that develop. What's not to like? Where is the bull in that? Go and compare a certain alternative!
  • Reply 7 of 18
    It's his attempt at dry humor. Very droll.
  • Reply 8 of 18
    Quote:
    Originally Posted by wilco View Post


    It's about time!



    Shouldn't this comment be used about the Daylight Savings change?
  • Reply 9 of 18
    MacPro Posts: 19,822 member
    Quote:
    Originally Posted by SpamSandwich View Post


    It's his attempt at dry humor. Very droll.



    Is that droll or troll ?
  • Reply 10 of 18
    emig647 Posts: 2,455 member
    Can someone explain the daylight savings fix to me? Is this because of an update to GMT? or?
  • Reply 11 of 18
    It's for the U.S.A and Canada, but not sure about the whole entire World.
  • Reply 12 of 18
    Quote:
    Originally Posted by STEPHEN RAY SNELL View Post


    It's for the U.S.A and Canada, but not sure about the whole entire World.



    Early reports indicate something about Western Australia summer time being adjusted too. (Western Australia -- that's the (almost) entire left half of the Australian continent. 8)
  • Reply 13 of 18
    Quote:
    Originally Posted by AppleInsider View Post


    ....all of which were first revealed last month as part of the "Month of Apple Bugs" project run by independent security analysts....



    ..."Independent security analysts"... Interesting. What's their beef anyway? They're all like "Oooh let's find a lot of totally obscure security issues and make Apple sweat it out... oooh we're so great...!"



    I smell the hand (squirt) of Steve Ballmer in the air, somehow all seems too in sync with the Vista Launches.



    Microsoft could be running a CovertOps kinda thing. Since nobody is really hacking away too hard at OSX, Microsoft hires a bunch of 1337 haXX0rs, and gives them a "Month of Apple Bugs" name, conveniently suggesting that OSX is riddled with security issues that "every month" something is being broken. Oh wait, isn't that what Bill Gates said? ""Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally.".... Hmmm.....



    Month of Apple Bugs claims



    "# Does "someone" pay, sponsor or support this? ex. This initiative is influenced by (random software vendor) in order to spread FUD over competitor's products?

    Definitely, no way. For conspiracy theories, please watch the X Files."



    "# Is this an attack, revenge, conspiracy or some kind of evil plot against Apple and the users of Apple products?

    Not at all, some of us use OS X on a daily basis. Getting problems solved makes that use a bit more safe each day, for everyone else. Flaws exist, with and without people disclosing them. If we wanted to make business out of this we would be selling the issues and the proper exploit for each one. Thus, business-wise, we are wasting a good cake with this project (although software by Apple isn't really of interest in these terms, except iTunes and other high-profile applications)."



    YES< a bit more safe? I'd rather these people use their Skillz to make some good freeware, rather than the stupid publicity stunt that MOAB is.
  • Reply 14 of 18
    BTW, if they're not trying to make money from it, as they claim, then why can't they just submit bugs, etc. as per the usual Developer builds or just the usual bug-reporting process for Apple? Sounds fishy, and sounds like they WANT the "fame". Not saying Apple or OSX is perfect and all that, but, MOAB and their whole motivation sounds like a real LOOK AT ME kind of thing. EVERYBODY LOOK AT US BUT NO DON'T GIVE US ANY MONEY.



    But wait, they do want money:

    Advertise on this site

    Support us! (goal: Mac Mini for testing, the rest donated)

    Your Ad Here: help us get a Mac Mini!




    Best Deals at Amazon

    TechPower Premium Laptop Battery for Apple iBook M8758LL/A Laptops (A100812)




    http://projects.info-pull.com/moab/



    *********ARGHGH********* Just be honest about what's going on.

    MOAB claims "Getting problems solved makes that use a bit more safe each day, for everyone else" -- yeah, that's what tons of people in the Apple Developer program are doing. Also, each day, for everyone else, tons of people are making nice shareware and freeware and full-blown software for the Mac.
  • Reply 15 of 18
    Now that I've slept on things a bit, I'm open to people suggesting a different view about Month of Apple Bugs. There's something about it that rubs me the wrong way, and I'd like to understand a bit better why.



    Also edited some profanity out of above post.
  • Reply 16 of 18
    emig647 Posts: 2,455 member
    Definitely sunilraman,



    Their motive has been dissected in just about every way possible on forums. It always ends up in the "they are doing this for fame" category.



    At least apple was quick to fix some of these things and didn't completely ignore it.
  • Reply 17 of 18
    Quote:
    Originally Posted by emig647 View Post


    ...Their motive has been dissected in just about every way possible on forums. It always ends up in the "they are doing this for fame" category...



    Interesting, thanks.



    Quote:

    At least apple was quick to fix some of these things and didn't completely ignore it.



    Who doesn't love a nice update from Apple every now and then... 8)
  • Reply 18 of 18
    emig647 Posts: 2,455 member
    Quote:
    Originally Posted by sunilraman View Post


    Who doesn't love a nice update from Apple every now and then... 8)



    Microsoft