iTWire - Apple blocks four MoAB exploits

Apple blocks four MoAB exploits

by Stephen Withers
Friday, 16 February 2007
Security Update 2007-002 for Mac OS X addresses four vulnerabilities highlighted during the Month of Apple Bugs, while other updates take care of daylight saving changes and other issues. Register now to win a Canon EOS 500D Disk image files now undergo additional validation before being mounted, preventing a buffer overflow caused by maliciously-crafted volume name. The UserNotificationCenter process now drops its group privileges immediately after launching, which should prevent it being exploited by unprivileged local users to gain root privileges. Two iChat vulnerabilities are also addressed by the update. Bonjour messages undergo additional validation to prevent crashing, and AIM URLs now get extra validation to avoid crashing or arbitrary code execution. In related news, Apple has also released Daylight Saving Time Update 1.0 (to accommodate changes in Daylight Saving Time in the US and Canada effective next month and to provide the latest time zone information for other countries) and Java for Mac OS X 10.4, Release 5 (which also handles daylight saving issues as well as "improved reliability and compatibility". Each update is available in versions for Mac OS X 10.3 and 10.4.{moscomment} Please enable JavaScript in your browser to post your comment! Tags See All Tags Add New Tag... Please Enter New Tags Separated By Comma's Or Close Apple Macintosh Malware Security Software Stephen Withers Powered By Joomla Tags