Say Bonjour to latest Apple Bug

Stephen Withers
Tuesday, 30 January 2007 12:50

Your IT - Home IT

iChat has again been targeted by the Month of Apple Bugs project, with the latest disclosure revealing a pair of denial of service vulnerabilities relating to features using Bonjour, Apple's implementation of zero-configuration networking.

The first bug is that if a malicious program repeatedly advertises a user's presence via Bonjour, iChat will keep adding that user to the contacts list, "successfully block[ing] iChat users using Bonjour from discovering further peers in the network and having reliable communications."

The second is that a maliciously crafted record can be used to crash the iChat Agent. The problem recurs if iChat's Bonjour capability is restarted, as the record is cached by mDNSresponder (Bonjour's service discovery daemon).

According to LMH, "These particular issues can't be abused for arbitrary code execution" but they "can be abused remotely affecting numerous users given that they can be reached via service advertisements."

The suggested workaround is to avoid using iChat with Bonjour (you probably don't, unless you use iChat within your organisation) or to disable mDNSresponder (not a great option if you use other applications or services that rely on Bonjour).

In related news, the MoAB Fixes group has released its latest Application Enhancer module, including patches for the Software Update (January 24), Installer (January 26) and Flip4Mac (January 27) bugs. Telestream is reportedly working on an official fix for the Flip4Mac bug and will incorporate it in the next release.