Security Patch 2005-001

· Updated: · 1 min read

Apple on a change in computing the Message-ID of mail messages, as per the Security Update 2005-001 released by Apple on January 25th:

Component: Mail Available for: Mac OS X v10.3.7 Client, Mac OS X Server v10.3.7 CVE-ID: CAN-2005-0127 Impact: Email messages sent from a single machine can be identified Description: A GUUID containing an identifier associated with the Ethernet networking hardware was used in the construction of an RFC-822 required Message-ID header. Mail now hides this information by computing the Message-ID using a cryptographic hash of the GUUID concatenated with data from /dev/random. Credit to Carl Purvis for reporting this issue.

I remember having seen the GUUID Message-ID before and it definitely puzzled me. The interesting is: The same basically applies for iCal as well! If you look at any iCal generated Event, you will find the same kind of GUUID as in Mail: 

BEGIN:VEVENTDTSTART;VALUE=DATE:19481024DTEND;VALUE=DATE:19481025SUMMARY:Emmet Browns birthdayUID:DFCF06F0-3094-11D8-B376-000A955E4630RRULE:FREQ=YEARLY;INTERVAL=1END:VEVENT

I hope they’ll fix this too: the very same UID is used when one publishes a calendar from within iCal or sends a meeting invitation.

Comments.

No comments. Be the first to add one!
Add a comment.
We'll never share your email with anyone else. We use the Gravatar system to pull in pictures based on an anonymous hash.
Once you submit your comment, it will be moderated and then show up here shortly after.