Apple Computer’s Mac OS X iChat instant messaging
client contains a security flaw that could put users at risk of system
takeover, the company warned on Friday.
The vulnerability, which is rated “highly critical” by research firm
Secunia, affects iChat 1.0, iChat AV 2.0 and iChat 2.1.
“The problem is that links aren’t properly validated before being
opened. This can be exploited to launch programs by embedding references
to local resources,” Secunia said in an alert that provides links to
Apple’s patches.
The iChat service allows cross-platform instant messaging and
videoconferencing with America Online’s AIM users.
Last month, AOL released an AIM update to correct a serious
bug that could be exploited to hijack vulnerable computers.