Remote iChat Exploit Patched

← Back to Stories (view on slashdot.org)

Posted by pudge on Friday September 17, 2004 @05:25AM from the gotta-restart-now-brb dept.

99BottlesOfBeerInMyF writes "Apple has released a security update to patch a hole in iChat. Apparently, correctly crafted links sent via iChat can execute programs if the path is known. If this allows for command line attributes to be included, it could be a pretty big hole; although it would still require some social engineering. The Apple description is here."

6 of 55 comments (clear)

Wow... by PedanticSpellingTrol · 2004-09-17 05:39 · Score: 5, Funny

This sounds exactly like the away:// hole in AIM from a few weeks ago. Has anyone audited the UNIX talk command for similar bugs?
Re:social engineering by teh*fink · 2004-09-17 06:39 · Score: 5, Funny

How hard is to to socially engineer the average mac user?

you wouldn't believe how easy it is. whenever new users come into the "panther" chatroom using ichat, they are told to hit command-L for a list of other chatrooms. 80% fall for it. some repeatedly; they come back and ask for the key combo again, figuring they entered it wrong the first time.

--
"I DARE you to make less sense!"
Re:All I want to know is... by Anonymous Coward · 2004-09-17 07:26 · Score: 5, Funny

Every time you reboot, god kills a kitten.
Re:social engineering by hunterx11 · 2004-09-17 11:18 · Score: 4, Funny

I wonder how many Mac users get tricked into typing Alt+F4 only to wonder why nothing happens?

--
English is easier said than done.
But ... but ... but... by commodoresloat · 2004-09-17 13:47 · Score: 4, Funny

What about my uptime? What about my precious uptime??!!!
Windows Geeks are Hermaphrodites by Anonymous Coward · 2004-09-19 16:45 · Score: 1, Funny

But I bet you already knew that.

So how long until "Chicks With Dicks 25" comes out anyway? Randall preordered that thing ages ago.