Filed under: Software Update, Security
Four MOAB bugs swatted by Security Update 2007-002
As Erica just noted, Security Update 2007-02 is out, and four of the open security issues raised by the Month of Apple Bugs project are now history. These problems have been addressed by the ongoing patch efforts of Landon Fuller, but his fixes should defer automatically to the new official versions.- Finder -- Mounting a maliciously-crafted disk image may lead to an application crash or arbitrary code execution
- iChat (2 flaws) -- attackers on the local network may be able to cause iChat to crash, & visiting malicious websites/AIM URLs may lead to an application crash or arbitrary code execution
- UserNotificationCenter -- local users may be able to escalate to system-wide privileges
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
davids said 8:13PM on 2-15-2007
I'm glad to see that months are now only 5-6 days long.
Reply
Justin said 7:54PM on 2-15-2007
I'm going to try this update out. If it doesn't work I can just reboot from my Sandbox to my main system partition.
Reply
Mark Fleser said 7:05PM on 2-15-2007
There's also a daylight savings time update and a java updated.
Reply
Justin said 7:14PM on 2-15-2007
The update seems to work fine for me.
Reply
mike said 2:09AM on 2-16-2007
davids...
yeah, funny, I never noticed any of those 'bugs'...
*shrugs
Reply
Mo said 8:39AM on 2-16-2007
I wonder if the iChat update fixes rdar:///4833010, which I reported back in November; it's essentially the same as the URL handler vulnerability, although it applies to a different part of iChat's code. Apple haven't marked the bug as anything other than ‘Open’, so I'm guessing not…
Reply