Code smuggled in through Apple's iChat
The initiators of the Month of Apple Bugs (MOAB) have made public a hole in Apple's iChat that attackers could use to crash the application or inject code into it when a user visits a manipulated website. The instant messenger application contains a format string vulnerability in its processing of AIM URLs (addresses for AOL's Instant Messenger protocol).
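The bug class named above, as an added example (not code from iChat, Apple or the MOAB advisory): when URL-derived text is used as a printf-style format string, the conversion directives in it are interpreted, whereas the hardened form uses a constant format and passes the text only as data. The function names and the sample URL are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Unsafe pattern, shown only as a comment and never executed here:
 *     snprintf(out, outlen, url_text);    // URL text used as the format
 * Hardened form: constant format, URL text passed purely as data.
 * Returns 0 on success, -1 if the message did not fit in out. */
int describe_url_safe(char *out, size_t outlen, const char *url_text)
{
    int written = snprintf(out, outlen, "Opening %s", url_text);
    return (written < 0 || (size_t)written >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample input, not taken from the advisory. */
    const char *url = "aim://constructed.example/%x%x%n";
    char msg[128];

    printf("directives found: %d\n", count_format_directives(url));
    if (describe_url_safe(msg, sizeof msg, url) == 0)
        printf("%s\n", msg);   /* directives appear verbatim, uninterpreted */
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is used as the format argument.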
Another flaw related to the handling of URLs affects the Transmit.app application up to and including version 3.5.5. In some cases, the application may not reserve enough memory for the address when it is asked to access a server via SFTP. According to MOAB's security advisory, the result is an exploitable buffer overflow. As a workaround, the advisory recommends disabling the URL handler for ftps:// via RCDefaultApp.
- Apple iChat aim:// URL Handler Format String Vulnerability, MOAB's security advisory
- Demonstration web site for the vulnerability
- Transmit.app ftps:// URL Handler Heap Buffer Overflow, MOAB's security advisory