[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2004-09-16 Security Update 2004-09-16

Subject: APPLE-SA-2004-09-16 Security Update 2004-09-16
From: Apple Product Security <email@hidden>
Date: Thu, 16 Sep 2004 19:40:39 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-09-16 Security Update 2004-09-16

Security Update 2004-09-16 is now available and delivers a security
enhancement for the iChat application.

CVE-ID:  CAN-2004-0873
Impact:  Remote iChat participants can send "links" that can start
local programs if clicked.
Description:  A remote iChat participant can send a "link" that
references a program on the local system.  If the "link" is activated
by clicking on it, and the "link" points to a local program, then the
program will run.  iChat has been modified so that "links" of this
type will open a Finder window that displays the program instead of
running it.  Credit to <email@hidden> for reporting this issue.

Security Update 2004-09-16 is available for the following iChat
versions:
* iChat AV v2.1 (Mac OS X v10.3 or later)
* iChat AV v2.0 (Mac OS X v10.2.8)
* iChat 1.0.1 (Mac OS X v10.2.8)

================================================

Security Update 2004-09-16 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For iChat AV v2.1
=====================================
The download file is named: "SecUpd2004-09-16Pan.dmg"
Its SHA-1 digest is:  0ef503c5f8a655de740e50f324d7311a1be6fe70

For iChat AV v2.0
=====================================
The download file is named: "SecUpd2004-09-16JagAV.dmg"
Its SHA-1 digest is:  9175d92b2036d86be324de8fa386a781aabbe932

For iChat v1.0.1
=====================================
The download file is named: "SecUpd2004-09-16Jag.dmg"
Its SHA-1 digest is:  4b637f08b22b70bcb65a3767814c9b3826e2edb1

Information will also be posted to the Apple Product Security
web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQUpOOpyw5owIz4TQAQKjAQgAjC/Fqf1aRImxjptO/xVEyg49EjSXWf42
A6lAsr7J6TPza2VdlkG3Sik3GSCwc68bdEQZFkyGIEkw0zeBMQLNzSKKShD8v0jQ
SmxyX29noaEDNUd10fP7JCBj0FqzxW2Z0RsYwUh54bb0NTLAz17G65bGpPfBEz2v
9hUyDE158V2WRTmPj/VkYK2vgFDdwmzycCdSK6IyKJsQ10HWqSVAPj1qV/9MIxzc
rVythLNJLwiRfOF3dTOAfMJIGV151K9s6Iqa0N4pSyj7gdtNEhVq5RmCzvYdQkkd
82hI1occwifbv4jxuGPPy3UKB697FqaE9+nWQVpzd09SZ1dXAnn75A==
=mLjD
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2004-09-13 Security Update 2004-09-07 v1.1
Previous by thread: APPLE-SA-2004-09-13 Security Update 2004-09-07 v1.1
Index(es):
- Date
- Thread

Home