Finder A buffer overflow exists in Finder's handling of volume names. By enticing a user to mount a malicious disk image, an attacker could trigger the issue, potentially leading to an application crash or arbitrary code execution. A proof of concept for this issue has been published on the Month of Apple Bugs (MoAB) website, and the update addresses the issue by performing additional validation of disk images. The issue does not affect systems prior to Mac OS X 10.4. Apple offers credit to Kevin Finisterre of DigitalMunition for reporting the issue. iChat A null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for the issue in Mac OS X 10.4 has been published on the Month of Apple Bugs (MoAB) website, and the update addresses the issues by performing additional validation of Bonjour messages. A format string vulnerability also exists in the iChat AIM URL handler. By enticing a user to access a maliciously-crafted AIM URL, an attacker can trigger the overflow which could lead to an application crash or arbitrary code execution. A proof of concept for the issue has been published on the Month of Apple Bugs (MoAB) website, and the update addresses the issue by performing additional validation of AIM URLs. UserNotification The UserNotificationCenter process runs with elevated privileges in the context of a local user which could allow a malicious local user to overwrite or modify system files. A program that triggers this issue has been published on the Month of Apple Bugs (MoAB) website, and the update addresses the issue by having UserNotificationCenter drop its group privileges immediately after launching.