Apple releases Security Update 2004-09-16

Hot on the heels of the "updated" version of Security Update 2004-09-07 (v1.1), Apple has released Security Update 2004-09-16 via Software Update and Web download. The release notes for Security Update 2004-09-16 simply state:

Security Update 2004-09-16 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following component:

iChat

However, according to Apple's Security Announce mailing, the update fixes the following vulnerability:

CVE-ID: CAN-2004-0873
Impact: Remote iChat participants can send "links" that can start local programs if clicked.
Description: A remote iChat participant can send a "link" that references a program on the local system. If the "link" is activated by clicking on it, and the "link" points to a local program, then the program will run. iChat has been modified so that "links" of this type will open a Finder window that displays the program instead of running it.

Three versions of the update are available:

• Mac OS X 10.2.8 and iChat 1.0
• Mac OS X 10.2.8 and iChat AV 2.0
• Mac OS X 10.3.5 and iChat 2.1

Resources