Apple released a security update today for users of Mac OS X v10.3.9 and v10.4.8 (including OS X Server):
- Mounting a maliciously-crafted disk image could lead to a crash or arbitrary code execution (CVE-2007-0197)
- Attackers on the local network can cause iChat to crash. A proof of concept was published in January (CVE-2007-0614 and CVE-2007-0710)
- By using iChat AIM to visit a maliciously crafted URL an attacker could trigger an overflow, leading to a crash of the application or arbitrary code execution.
- The UserNotificationCenter runs with elevated privileges in a local user context. This update forces the application to drop its group privileges shortly after starting. While this does not fix a directly exploitable vulnerability in itself, it fortifies the overall security posture of the application.
Security Update 2007-002, which contains these fixes, can be downloaded at Apple Downloads. Also have a look at these Java and DST updates.