- home
- reviews
- news
- downloads
- cnet tv
On CBS MoneyWatch: 5 Things You Should Buy at Walmart
- log in
- join CNET
- welcome,
- my profile
- log out

February 15, 2007 3:54 PM PST

Apple plugs four security holes

By Tom Krazit
Staff Writer, CNET News

24 comments

Apple issued four security updates Thursday to fix flaws in Mac OS X and iChat identified by the Month of Apple Bugs project.

Two of the flaws could allow an attacker to execute code on an unpatched system, Apple said. Patches are now available on Apple's Web site or through the Software Update selection under the Apple menu on a Mac.

Apple noted that proof-of-concepts for the flaws were posted on the Month of Apple Bugs Web site. But it doesn't appear that attack code has surfaced using the concepts outlined by the project. Apple has fixed several flaws identified during the course of January by the project, but some remain open.

The two flaws that could lead to arbitrary code execution are found in Finder and iChat. There's a buffer overflow flaw in Finder that could allow an attacker to take control of a system by "enticing a user into mounting a malicious disk image," or tricking someone into enabling local access of a file supposedly stored on a remote server. Apple credited Kevin Finisterre, one of the participants in the Month of Apple Bugs project, for reporting the issue, something it did not do on the three other flaws patched on Thursday.

The other patch, for iChat, fixes an issue in which a user could click on a malicious URL in a chat session and trigger an overflow, possibly opening the system to an attacker.

Two patches concern flaws that require a malicious local user. This includes another iChat flaw that could cause the application to crash as well as a fix for a UserNotification flaw that could allow system files to be overwritten.

See more CNET content tagged:
Apple iChat, flaw, Apple Computer, attacker, project

Add a Comment (Log in or register) (24 Comments)

Never assume you are 100 percent safe

by Seaspray0 February 15, 2007 5:10 PM PST

Two of the flaws could allow an attacker to execute code on an unpatched system, Apple said. This is reason enough you should take security seriously. Keep your computer patched and up to date and never assume your computer is invincible.

Like this Reply to this comment

Thanks dad! NT
by BlackMicro February 15, 2007 7:53 PM PST: NT; Like this

Good Advise
by Jesus#2 February 15, 2007 7:54 PM PST: I think most Apple users agree.. while we might tout the fact that there are no viruses in the wild for the Mac OS.. must of us are painfully familiar with what happens when a computer is compromised (when using another OS). Most computer users have a healthy appreciation for needing to keep our computers secure.; Like this View reply Hide reply
Processing

not Apple

by hoss805 February 15, 2007 9:18 PM PST

i think they were talking about happle not apple apple world is perfect. if this was a microsoft, apple users would be bashing the hell out of microsoft

Like this Reply to this comment

Nobody said they were perfect.
by Macsaresafer February 16, 2007 4:41 AM PST: There's a huge range of quality between zero potential vulnerabilities and 118,000+ actual exploits for Apple to occupy. A few potential vulnerabilities is about as close to perfection as anyone can hope for, but you're probably too busy setting up multple firewalls and antivirus screens to see that.; Like this View reply Hide reply
Processing

not Apple

by hoss805 February 15, 2007 9:18 PM PST

i think they were talking about happle not apple apple world is perfect. if this was a microsoft, apple users would be bashing the hell out of microsoft

Like this Reply to this comment

Nobody said they were perfect.
by Macsaresafer May 6, 2008 9:56 AM PDT: There's a huge range of quality between zero potential vulnerabilities and 118,000+ actual exploits for Apple to occupy. A few potential vulnerabilities is about as close to perfection as anyone can hope for, but you're probably too busy setting up multple firewalls and antivirus screens to see that.; Like this View reply Hide reply
Processing

Bootcamp and Parallels

by burgher February 16, 2007 2:02 PM PST

If you are using the file sharing option in Parallels to allow the Windows virtual machine to access files on your hard drive, a virus could infect the files on the mac partition. If those files are later e- mailed or transferred to another machine they could be spread. Apple and Parallels both recommend using anti-virus software when running Windows either via Bootcamp or Parallels and makes good sense. Just because it's a virtual machine or a dual-boot doesn't mean that it can't be compromised.

Like this Reply to this comment

True.
by Macsaresafer February 17, 2007 12:01 AM PST: Anytime you run Windows you must use extra caution. Virtual or not, it's still very vulnerable.; Like this

Bootcamp and Parallels

by burgher February 16, 2007 2:02 PM PST

Like this Reply to this comment

True.
by Macsaresafer February 17, 2007 12:01 AM PST: Anytime you run Windows you must use extra caution. Virtual or not, it's still very vulnerable.; Like this

I can't believe this article! (* WINK *)
by wbenton February 20, 2007 5:11 AM PST: This can't be right!!! (* GRIN *) Apple's MAC OS is invincible to such security holes. (* ROFLOL *) BOTTOM LINE: Any/All OS's have the possibility for a few vulnerabilities... there is no such thing as a vulnerable-proof Operating System... regardless of what anybody thinks. The quickest way to find a flaw in anything is to boast it as impennetrable and offer anybody who penetrates it $1000! Then you'll see just how vulnerable you are! (* GRIN *) Walt; Like this Reply to this comment

I can't believe this article! (* WINK *)
by wbenton February 20, 2007 5:11 AM PST: This can't be right!!! (* GRIN *) Apple's MAC OS is invincible to such security holes. (* ROFLOL *) BOTTOM LINE: Any/All OS's have the possibility for a few vulnerabilities... there is no such thing as a vulnerable-proof Operating System... regardless of what anybody thinks. The quickest way to find a flaw in anything is to boast it as impennetrable and offer anybody who penetrates it $1000! Then you'll see just how vulnerable you are! (* GRIN *) Walt; Like this Reply to this comment

Never assume you are 100 percent safe

by Seaspray0 May 6, 2008 9:56 AM PDT

Like this Reply to this comment

Thanks dad! NT
by BlackMicro February 15, 2007 7:53 PM PST: NT; Like this

Good Advise
by Jesus#2 February 15, 2007 7:54 PM PST: I think most Apple users agree.. while we might tout the fact that there are no viruses in the wild for the Mac OS.. must of us are painfully familiar with what happens when a computer is compromised (when using another OS). Most computer users have a healthy appreciation for needing to keep our computers secure.; Like this View reply Hide reply
Processing

(24 Comments)

Add a comment

Popular discussions on CNET:

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

Latest tech news headlines

Micron to buy Numonyx for $1.27 billion
Posted in Nanotech - The Circuits Blog by Brooke Crothers

February 9, 2010 8:35 PM PST
Rafe and Josh debate Google's Buzz
Posted in Webware by Rafe Needleman, Josh Lowensohn

February 9, 2010 6:10 PM PST
YouTube's traffic data for music questioned
Posted in Media Maverick by Greg Sandoval

February 9, 2010 5:07 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Apple (1.07%) 2.07 196.19; Dow Jones Industrials (1.52%) 150.25 10,058.64; S&P 500 (1.30%) 13.78 1,070.52; NASDAQ (1.17%) 24.82 2,150.87; CNET TECH (1.12%) 16.96 1,524.71

Inside CNET News

Scroll Left Scroll Right

Nanotech - The Circuits Blog
Micron to buy Numonyx for $1.27 billion
One of the world's largest flash memory makers agrees to be acquired by Micron Technology in a deal worth approximately $1.27 billion.
Gallery
Images: Stewart Butterfield's new gaming start-up
Software, Interrupted
Big IT vendors overcomplicating the cloud
CA and NetApp have joined together on cloud offerings. But are they missing the point of simplifying enterprise IT?
Beyond Binary
Olympic snow still in short supply at Cypress
Olympic organizers have now shortened training, stepped up trucking of snow, and even turned to adding dry ice to the mix to make sure the venue is ready for the start of the Games.
Video
CNET first look at Google Buzz
Media Maverick
YouTube's traffic data for music questioned
The number of visitors to Warner Music Group's YouTube videos doubled in January and outpaced the much larger Vevo. But those numbers are now being questioned.
Video
Apple iPad: Is it for you?
The Social
Brangelina kiss lands Paul Allen on TMZ
The Microsoft co-founder appears to have gotten chummy with the Hollywood power couple, even chilling with them in the same box at the Super Bowl last weekend.
Crave
Intel taps student's robot for processor demo
University of Arizona engineering student creates a six-legged Atom-powered bot that can "learn" to walk on its own, and Intel brings it along on the company road show.
Gallery
Next-generation 747 takes first air (photos)
Crave
Panasonic updates 3-chip camcorders
Though Panasonic's replacements for its 300 series' models have relatively minor updates, they seem like nice enhancements.
Green Tech
A Toyota Prius owner waits for the recall
Last summer, CNET's Martin LaMonica wanted to see if his new Prius could hit the magic 50-mpg mark. Now he's wondering when his spiffy hybrid will get a fix for faulty brakes.