site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2004-09-16 Security Update 2004-09-16 Security Update 2004-09-16 is now available and delivers a security enhancement for the iChat application. CVE-ID: CAN-2004-0873 Impact: Remote iChat participants can send "links" that can start local programs if clicked. Description: A remote iChat participant can send a "link" that references a program on the local system. If the "link" is activated by clicking on it, and the "link" points to a local program, then the program will run. iChat has been modified so that "links" of this type will open a Finder window that displays the program instead of running it. Credit to <aaron@vtty.com> for reporting this issue. Security Update 2004-09-16 is available for the following iChat versions: * iChat AV v2.1 (Mac OS X v10.3 or later) * iChat AV v2.0 (Mac OS X v10.2.8) * iChat 1.0.1 (Mac OS X v10.2.8) ================================================ Security Update 2004-09-16 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For iChat AV v2.1 ===================================== The download file is named: "SecUpd2004-09-16Pan.dmg" Its SHA-1 digest is: 0ef503c5f8a655de740e50f324d7311a1be6fe70 For iChat AV v2.0 ===================================== The download file is named: "SecUpd2004-09-16JagAV.dmg" Its SHA-1 digest is: 9175d92b2036d86be324de8fa386a781aabbe932 For iChat v1.0.1 ===================================== The download file is named: "SecUpd2004-09-16Jag.dmg" Its SHA-1 digest is: 4b637f08b22b70bcb65a3767814c9b3826e2edb1 Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQUpOOpyw5owIz4TQAQKjAQgAjC/Fqf1aRImxjptO/xVEyg49EjSXWf42 A6lAsr7J6TPza2VdlkG3Sik3GSCwc68bdEQZFkyGIEkw0zeBMQLNzSKKShD8v0jQ SmxyX29noaEDNUd10fP7JCBj0FqzxW2Z0RsYwUh54bb0NTLAz17G65bGpPfBEz2v 9hUyDE158V2WRTmPj/VkYK2vgFDdwmzycCdSK6IyKJsQ10HWqSVAPj1qV/9MIxzc rVythLNJLwiRfOF3dTOAfMJIGV151K9s6Iqa0N4pSyj7gdtNEhVq5RmCzvYdQkkd 82hI1occwifbv4jxuGPPy3UKB697FqaE9+nWQVpzd09SZ1dXAnn75A== =mLjD -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com