We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,088 News Articles

Apple fixes iChat security hole

Denial of service risks

Apple has released Security Update 2007-005 that tackles several issues with Mac OS X. Among the issues fixed in this update are ones that could allows users to cause a denial of service or arbitrary code execution in iChat.

Apple’s iChat application was found to have a buffer overflow vulnerability in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings. An attacker on the local network could trigger the overflow and cause an unexpected application termination or arbitrary code execution, as well as a denial of service.

Another denial of service vulnerability and arbitrary code execution issue was found in the UPnP IGD code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder. Like the iChat issue, an attacker on the local network could trigger the overflow and cause an unexpected application termination or arbitrary code execution, as well as a denial of service.

Both of these issues have been addressed by performing additional validation when processing UPnP protocol packets.

Separate problems with vpnd and the ppp daemon have been addressed that allowed a local user to obtain system privileges, as well as denial of service vulnerabilities in the Ruby CGI library.

Other changes in the underpinnings of the operating system have addressed as well, including issues with BIND, CoreGraphics, crontabs, fetchmail, texinfo and others.

The update is available from Mac OS X’s built-in software update mechanism.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...