Remote iChat Exploit Patched
99BottlesOfBeerInMyF writes "Apple has released a security update to patch a hole in iChat. Apparently, correctly crafted links sent via iChat can execute programs if the path is known. If this allows for command line attributes to be included, it could be a pretty big hole; although it would still require some social engineering. The Apple description is here."
Fuck you you motherfcking LambdaMOOers you!
Seriously though, I could easily socially engineer anyone. How hard to you have to try to get someone to click on a link? Just tell them it's a really cool site. That was a BIG hole and still is. The FA says that it now opens a finder window to where the program is.
A user could tell a person to click on a "link" and the click on a "link" in the resulting window. I guess nothing in the utilities folder would be bad unattended and not running as root, though.
Chris
if apple are so F'n helpful then why not run it for you - after all they know what they just updated right?
Forget about iChat, I'd like to "patch" this iPod user's holes!!
Flamebait?? No. Not even close. Fucking hell, if you're gonna use a system with multiple choices, at least learn what the damn choices MEAN. Dumbass.
Troll? Not really, but plausible if you say so. Off Topic? Sorta. Redundant? Technically maybe. Informative? Sure! Interesting? Hell YEAH!! Insightful? Nope. Flamebait? Not a fucking chance! Who's gonna come back with a flame over that??
Fucking morons.