Technology news and Jobs arrow TAG
Quick fix for latest Mac bug disclosure E-mail
by Stephen Withers   
Wednesday, 17 January 2007
Today's Month of Apple Bugs disclosure was quickly followed by an update to the affected application.

Colloquy is an IRC and SILC chat client with a Mac-style user interface. The MoAB team found a way of sending a malformed invitation string that causes Colloquy to fail.

According to the MoAB disclosure, the issue is related to functions provided by Apple's AppKit framework that have similar behaviour to printf(). Other applications using these functions are said to be vulnerable to similar problems.

Fortunately, "Due to a bug in CoreFoundation, these issues are currently difficult to exploit for code execution", but 'difficult' is not the same as 'impossible'.

Colloquy 2.1 build 3558 - "Fixes a security vulnerability (and crash) when someone invites you to a room with special characters" - was released within hours of the disclosure.{moscomment}

Please enable JavaScript in your browser to post your comment!

Tags See All Tags


Macintosh  Malware  Security  Software  Stephen Withers 

Get stories like this delivered daily - FREE - subscribe now
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
Suscribers		 904,266
13,751
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire