We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple addresses 'Bug Month' security holes

Updates for Final Cut Pro, iChat and more

Apple released nine software updates yesterday that address concerns raised during two security researchers' self-proclaimed 'Month of Apple Bugs' and fix holes in Final Cut Pro. The fixes are available now via Mac OS X's built-in Software Update utility. They also deal with new US Daylight Saving Times rules.

'Month of Apple bugs' fixes

Three of the updates address bugs found by security researcher Kevin Finisterre and hacker 'LMH' during their month-long event aimed at exposing security flaws in Apple products and products that run on Apple systems.

The fixes, labelled Security Update 2007-002 , are available in Panther, PowerPC and Universal versions.

On systems running Tiger, the update addresses a bug in which "a maliciously crafted disk image may lead to an application crash or arbitrary code execution", according to Apple's published release notes. Apple credits Finisterre for reporting the bug, which was posted on the Month of Apple Bugs site as 'Apple Finder DMG Volume Name Memory Corruption' on 9 January.

On systems running Tiger or Panther, the update addresses a Bonjour bug in which "attackers on the local network may be able to cause iChat to crash", according to Apple. This bug was listed on Month of Apple Bugs as 'Apple iChat Bonjour Multiple Denial of Service Vulnerabilities' on 28 January.

On systems running Tiger or Panther, the update addresses a vulnerability in iChat's AIM URL handler that "may lead to an application crash or arbitrary code execution", according to Apple. The bug was announced on Month of Apple Bugs as 'Apple iChat aim:// URL Handler Format String Vulnerability' on 20 January.

Finally, on systems running Tiger or Panther, the update addresses a vulnerability in the UserNotificationCenter process that could potentially grant system privileges to malicious users. This bug was announced on Month of Apple Bugs as 'Apple UserNotificationCenter Privilege Escalation Vulnerability' on 22 January.

Final Cut Pro 5.1.3

On Thursday Apple also updated Final Cut Pro to version 5.1.3, an update which "provides important bug fixes", according to Apple. According to Apple's Final Cut Pro documentation, the update includes fixes to provide compatibility of render files between PowerPC- and Intel-based Macs, returns missing keyboard commands to the default keyboard layout, and fixes a bug involving cross dissolves in a nested sequence containing still images.


IDG UK Sites

Black Friday and Cyber Monday 2014 tech deals UK Live: Best Black Friday deals from Apple, Amazon,...

IDG UK Sites

Why are people still buying satnavs? Smartphones are the modern satnav

IDG UK Sites

New Star Wars trailer: Watch the VFX-laden teaser for The Force Awakens

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers UPDATED