
Remote iChat Exploit Patched

99BottlesOfBeerInMyF writes "Apple has released a security update to patch a hole in iChat. Apparently, correctly crafted links sent via iChat can execute programs if the path is known. If this allows for command line attributes to be included, it could be a pretty big hole; although it would still require some social engineering. The Apple description is here."
This discussion has been archived. No new comments can be posted.

  • by Enucite ( 10192 ) on Friday September 17, 2004 @12:35PM (#10278239)
    Why did I have to reboot after patching iChat?
    • by danigiri ( 310827 ) on Friday September 17, 2004 @12:39PM (#10278286)
      Usually because it's better to tell most people 'Reboot' than 'just issue a $ ps xa|grep foo|grep -v grep| xargs| kill -HUP 2>&1' or whatever
      • by timothv ( 730957 ) on Friday September 17, 2004 @12:47PM (#10278363)
        Why can't the installer do that for them?
        • by 47Ronin ( 39566 ) <[glenn] [at] [47ronin.com]> on Friday September 17, 2004 @12:59PM (#10278524) Homepage
          Why can't the installer do that for them?
          #1 It's rude for the OS to just instantly reboot the machine. It just makes a STRONG suggestion to reboot. What if you have unsaved work that you really NEED to finish now? At least the OS is not crippled during the install.

          #2 Rather than risking the probability that a process doesn't HUP properly, it's safer for Apple just to reboot the Mac so that simple Mac users will get a proper reset of all processes. Helps avoid customer service issues if a HUP doesn't go correctly. Advanced users can usually avoid a reboot and just restart the process that was affected.
  • Wow... (Score:5, Funny)

    by PedanticSpellingTrol ( 746300 ) on Friday September 17, 2004 @12:39PM (#10278281)
    This sounds exactly like the away:// hole in AIM from a few weeks ago. Has anyone audited the UNIX talk command for similar bugs?
  • by catmistake ( 814204 ) on Friday September 17, 2004 @02:40PM (#10279636) Journal
    I sent this story up last night before midnight, because I noticed after several hours no one had mentioned it... Apple hadn't posted their explanation on their site yet, so 99BottlesOfBeerInMyF has a more complete story.

    But I brought up the fact that the last Update, "Security Update 2004-09-07" reappears in the Software Update list as a required update, even if you've already installed it (which I did on the 7th), and that this update (the last one) breaks your ftp server if you happened to be running one. The ftp server is fixed by adding a /usr/etc directory and copying /etc/ftpusers into it, but as far as I know, Apple hasn't owned up to this, and there is still no explanation. So what's up? Does anyone know why it has inexplicably re-appeared? (I understand it is rare for Apple to do this... but I will be wary of updates in the future.)
    • by 99BottlesOfBeerInMyF ( 813746 ) on Friday September 17, 2004 @03:04PM (#10279866)
      I am not certain exactly what is going on with these updates, but I think you are missing two pieces of data. First, there are two versions of "Security Update 2004-09-07" 1.0 and 1.1. Second, although I'm not certain it is relevant, the only demo of this exploit I saw called the ftp: handler and directed it at a local .app bundle in order to launch it. My test of the exploit, however, failed. This might be due to the fact that ftp had been broken by a previous update.
      It would be interesting to hear how this round of updates came about.
    • by Guy Harris ( 3803 ) <guy@alum.mit.edu> on Saturday September 18, 2004 @01:18PM (#10285742)
      The ftp server is fixed by adding a /usr/etc directory and copying /etc/ftpusers into it, but as far as I know, Apple hasn't owned up to this

      In an Apple page on the 1.1 version of the Security Update [apple.com], they explicitly note that the 1.1 version "fixes the following issues in Security Update 2004-09-07 v1.0:"

      - lukemftpd: Corrects the path to the configuration directory

      - Safari (10.3.5 only): The Safari version number is changed to provide compatibility with web sites that use an old version-checking mechanism
      Does anyone know why it has inexplicably re-appeared?

      So that people who installed the 1.0 version get offered the 1.1 version, and can get their FTP server and their ability to go to sites that think that a browser version string containing "Netscape" and "4." means the browser is Netscape 4.
