Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote iChat Exploit Patched

Posted by pudge on Friday September 17, 2004 @05:25AM from the gotta-restart-now-brb dept.

99BottlesOfBeerInMyF writes "Apple has released a security update to patch a hole in iChat. Apparently, correctly crafted links sent via iChat can execute programs if the path is known. If this allows for command line attributes to be included, it could be a pretty big hole; although it would still require some social engineering. The Apple description is here."

2 of 55 comments (clear)

Min score:

Reason:

Sort:

Re:Wow... by br0ck · 2004-09-17 06:03 · Score: 5, Informative

How soon we forget.
Re:Not complaining, just wondering by 99BottlesOfBeerInMyF · 2004-09-17 08:04 · Score: 5, Informative

I am not certain exactly what is going on with these updates, but I think you are missing two pieces of data. First, there are two versions of "Security Update 2004-09-07" 1.0 and 1.1. Second, although I'm not certain it is relevant, the only demo of this exploit I saw called the ftp: handler and directed it at a local .app bundle in order to launch it. My test of the exploit, however, failed. This might be due to the fact that ftp had been broken by a previous update.
It would be interesting to hear how this round of updates came about.