Apple has now posted details on the iChat flaw that it patched yesterday with a Mac OS X security update. The company says the problem is with “links” sent by an iChat user that can start local programs if clicked. “A remote iChat participant can send a ‘link’ that references a program on the local system. If the ‘link’ is activated by clicking on it, and the ‘link’ points to a local program, then the program will run. iChat has been modified so that ‘links’ of this type will open a Finder window that displays the program instead of running it.”
