Apple has released yesterday a security update containing five fixes for the Mac OS X. The five vulnerabilities were discovered during the Month of Apple Bugs, this January, and affect the operating system and iChat.
The MoAB was developed by a couple of security researchers and its purpose was to discover one system or application vulnerability each day of January. The previous security update was issued in January and it fixed a problem with QuickTime (remote code execution was disabled). The main goal of the MoAB was to improve the security of the operating system and its applications and to draw attention to omitted security flaws.
This February Security Update contains five flaw fixes, out of which only one was rated by the US Computer Emergency Response Team as “high risk”. This ‘high risk’ flaw was detected in iChat. When the user viewed a specially designed URL received by instant message, the attacker was allowed to execute code. Other two flaws were detected in iChat. These flaws could have allowed the application to be crashed, but they were both rated as ‘low risk’ by the US Computer Emergency Response Team.
The other two fixes were for the operating system. The first flaw affects OS 10.4.x’s Finder, allowing arbitrary execution of code when a specifically crafted disk image was open. The second flaw targeted the UserNotificationCenter component and it allowed unauthorized changes in user privileges if exploited. Both of these flaws were rated ‘medium risk’.
Download: Security update
Apple, Mac, OS X, Security Updates, iChat, QuickTime, MoAB, OX 10.4x