On Thursday, Apple released Security Update 2007-005, an update designed to repair elements of Mac OS X, with a specific fix centered on the iChat instant messaging program.
According to Macworld News, the update specifically fixes a potential buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used for port mapping functions within the iChat program. If exploited, a user could trigger an overflow, causing applications to terminate and arbitrary code to be executed, in addition to denial of service.
An additional vulnerability was discovered in the port mapping code used with home NAT gateways via Mac OS X’s mDNSResponder function. Once again, an outside user could trigger an overflow similar to the iChat bug, causing applications to terminate, arbitrary code to be executed and denial of service.
Additional fixes have been provided for the following system functions:
bind
CarbonCore
CoreGraphics
crontabs
fetchmail
file
iChat
PPP
ruby
screen
texinfo
VPN
The update requires Mac OS X 10.3.9 or later to run and is available either through the Software Update feature or via Apple’s Support Downloads page.
If you’ve installed the update and have either positive or negative feedback about it, let us know.