We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple addresses 'Bug Month' security holes

Updates for Final Cut Pro, iChat and more

Apple released nine software updates yesterday that address concerns raised during two security researchers' self-proclaimed 'Month of Apple Bugs' and fix holes in Final Cut Pro. The fixes are available now via Mac OS X's built-in Software Update utility. They also deal with new US Daylight Saving Times rules.

'Month of Apple bugs' fixes

Three of the updates address bugs found by security researcher Kevin Finisterre and hacker 'LMH' during their month-long event aimed at exposing security flaws in Apple products and products that run on Apple systems.

The fixes, labelled Security Update 2007-002 , are available in Panther, PowerPC and Universal versions.

On systems running Tiger, the update addresses a bug in which "a maliciously crafted disk image may lead to an application crash or arbitrary code execution", according to Apple's published release notes. Apple credits Finisterre for reporting the bug, which was posted on the Month of Apple Bugs site as 'Apple Finder DMG Volume Name Memory Corruption' on 9 January.

On systems running Tiger or Panther, the update addresses a Bonjour bug in which "attackers on the local network may be able to cause iChat to crash", according to Apple. This bug was listed on Month of Apple Bugs as 'Apple iChat Bonjour Multiple Denial of Service Vulnerabilities' on 28 January.

On systems running Tiger or Panther, the update addresses a vulnerability in iChat's AIM URL handler that "may lead to an application crash or arbitrary code execution", according to Apple. The bug was announced on Month of Apple Bugs as 'Apple iChat aim:// URL Handler Format String Vulnerability' on 20 January.

Finally, on systems running Tiger or Panther, the update addresses a vulnerability in the UserNotificationCenter process that could potentially grant system privileges to malicious users. This bug was announced on Month of Apple Bugs as 'Apple UserNotificationCenter Privilege Escalation Vulnerability' on 22 January.

Final Cut Pro 5.1.3

On Thursday Apple also updated Final Cut Pro to version 5.1.3, an update which "provides important bug fixes", according to Apple. According to Apple's Final Cut Pro documentation, the update includes fixes to provide compatibility of render files between PowerPC- and Intel-based Macs, returns missing keyboard commands to the default keyboard layout, and fixes a bug involving cross dissolves in a nested sequence containing still images.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia