Slashdot Mirror


Remote iChat Exploit Patched

99BottlesOfBeerInMyF writes "Apple has released a security update to patch a hole in iChat. Apparently, correctly crafted links sent via iChat can execute programs if the path is known. If this allows for command line attributes to be included, it could be a pretty big hole; although it would still require some social engineering. The Apple description is here."

8 of 55 comments (clear)

  1. Feline Poop! by Anonymous Coward · · Score: -1, Troll

    Fuck you you motherfcking LambdaMOOers you!

  2. social engineering by alatesystems · · Score: -1, Troll
    although it would still require some social engineering.
    How hard is to to socially engineer the average mac user?

    Seriously though, I could easily socially engineer anyone. How hard to you have to try to get someone to click on a link? Just tell them it's a really cool site. That was a BIG hole and still is. The FA says that it now opens a finder window to where the program is.

    A user could tell a person to click on a "link" and the click on a "link" in the resulting window. I guess nothing in the utilities folder would be bad unattended and not running as root, though.

    Chris
    1. Re:social engineering by Anonymous Coward · · Score: -1, Troll

      I don't know.

      you're one of the people that have been social engireed to post obvious stuff in order to advertise your "free ipod".

      seriously, take a look on your posting history and how it has picked up just lately. you're not the only one either! a shitload of sub 200 000 uid people have gotten into this crap.

      (really, i'm fucking tired of people who have never ever posted in great numbers starting to post JUST TO GET PEOPLE TO SIGN UP FOR THE FREE IPOD THING TO GET THEIR OWN FREE IPOD. seriously, then these same people reason that it's such a good deal that you can just do it with couple of friends- WTF ARE THEY LOOKING FOR PEOPLE ON SLASHDOT THEN FOR?? DOESNT SOUND THAT FUCKIN EASY TO ME - just the regular reference spam thing, nothing new..)

      if it is easy then you don't need to look for strangers on internet...

    2. Re:social engineering by Anonymous Coward · · Score: -1, Troll

      "Seriously though, I could easily socially engineer anyone." Well, you certainly have the confidence needed to be a con-man but your estimation of your own smack fu is not uncommon as seen at this really cool site here. :-)

    3. Re:social engineering by Big+Chubby+Cat · · Score: 0, Troll

      I have a chatroom list...IN MY PANTS!!!...

  3. Re:All I want to know is... by Anonymous Coward · · Score: -1, Troll

    if apple are so F'n helpful then why not run it for you - after all they know what they just updated right?

  4. Patching holes by Anonymous Coward · · Score: -1, Troll

    Forget about iChat, I'd like to "patch" this iPod user's holes!!

  5. Fucking moderators by Anonymous Coward · · Score: -1, Troll

    Flamebait?? No. Not even close. Fucking hell, if you're gonna use a system with multiple choices, at least learn what the damn choices MEAN. Dumbass.

    Troll? Not really, but plausible if you say so. Off Topic? Sorta. Redundant? Technically maybe. Informative? Sure! Interesting? Hell YEAH!! Insightful? Nope. Flamebait? Not a fucking chance! Who's gonna come back with a flame over that??

    Fucking morons.