Apple fixes iChat, Finder (MoAB) flaws
A software update from Cupertino today provides cover for a pair of flaws in iChat and a code execution vulnerability in Finder. All three vulnerabilities were publicly disclosed by L.M.H. and Kevin Finisterre, the two hackers behind MoAB.
According to Apple's Security Update 2007-002 alert, a maliciously crafted disk image may lead to an application crash or arbitrary code execution in Mac OS S X v10.4.8 and Mac OS X Server v10.4.8.
Apple described the issue as a buffer overflow in Finder's handling of volume names and warned that a proof-of-concept for this issue is already available on the MoAB site. Finisterre is prominently credited in Apple's advisory.
Two bugs in iChat are also fixed. The first could allow attackers on a local network to cause the program to crash because of a null pointer dereference in iChat's Bonjour message handling. The second iChat fix is even more serious because it puts Mac OS X users at risk of code execution attacks with limited user action.
"By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution," Apple said, noting again that demo code for exploiting this issue is available at the MoAB project page.The update also fixes a bug in UserNotification that could allow malicious local users to obtain system privileges.
Apple also released two software updates to add support for the latest Daylight Saving Time (DST) and time zone information. (The DST updates address an issue where, for the first time in more than 20 years, clocks will move forward an hour on the second Sunday in March, instead of the first Sunday in April).
[NOTE: Also see Mary Jo Foley's DST change tips for Microsoft users.]