Apple issued four security updates Thursday to fix flaws in Mac OS X and iChat identified by the Month of Apple Bugs project.
Two of the flaws could allow an attacker to execute code on an unpatched system, Apple said. Patches are now available on Apple's Web site or through the Software Update selection under the Apple menu on a Mac.
Apple noted that proof-of-concepts for the flaws were posted on the Month of Apple Bugs Web site. But it doesn't appear that attack code has surfaced using the concepts outlined by the project. Apple has fixed several flaws identified during the course of January by the project, but some remain open.
The other patch, for iChat, fixes an issue in which a user could click on a malicious URL in a chat session and trigger an overflow, possibly opening the system to an attacker.
Two patches concern flaws that require a malicious local user. This includes another iChat flaw that could cause the application to crash as well as a fix for a UserNotification flaw that could allow system files to be overwritten.
No comments:
Post a Comment