Now available via Software Update:
Security Update 2004-09-16 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following component:
iChat
For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798
There are updates for 10.2.8 + iChat 1.0, 10.2.8 + iChat 2.0, and 10.3.5 + iChat 2.1.
[Update] Details of the update:
CVE-ID: CAN-2004-0873
Impact: Remote iChat participants can send "links" that can start local programs if clicked
Description: A remote iChat participant can send a "link" that references a program on the local system. If the "link" is activated by clicking on it, and the "link" points to a local program, then the program will run. iChat has been modified so that "links" of this type will open a Finder window that displays the program instead of running it. Credit to aaron@vtty.com for reporting this issue.
Availability: This update is available for the following iChat versions:
- iChat AV v2.1 (Mac OS X 10.3 or later)
- iChat AV v2.0 (Mac OS X 10.2.8)
- iChat 1.0.1 (Mac OS X 10.2.8)
