Apple has issued a security update containing five patches for vulnerabilities disclosed during January's Month of Apple Bugs (MoAB) project.
Of the five flaws fixed in the update, only one is rated as a 'high' risk by the US Computer Emergency Response Team (US-CERT).
The high-level risk is a vulnerability in iChat, Apple's instant messaging app, that could allow an attacker to execute code when a user views a specially crafted URL string sent through an instant message.
Three of the five vulnerabilities targeted iChat, including two that could be used to cause an application crash. Each of these vulnerabilities was rated as 'low' by US-CERT.
The remaining two fixes were for components in Mac OS X. A flaw in Finder allowed for arbitrary code execution when a specially crafted disk image was opened. This vulnerability only affected versions 10.4.x, according to Apple.
Another flaw, which targeted the UserNotificationCenter component, could be exploited to elevate user privileges. Both vulnerabilities were rated as 'medium' threats.
This latest round of patches is the second issued by Apple in 2007. The company issued a fix in January for a vulnerability in the Mac and Windows versions of QuickTime that allowed remote code execution.
All of the vulnerabilities patched this year by Apple have been credited to the MoAB project, which aimed to disclose a new vulnerability every day in January.
The project was run by a pair of security researchers to raise awareness of security issues and improve the quality of security software for Mac OS X.
Five fixes in latest Apple patch
By Shaun Nichols on Feb 19, 2007 9:52AM