20170324 Adium Bug

BULLETIN

ADIUM REMOTE EXPLOIT CENTER URGENT ADVISORY NUMBER 1

GBWS GLOBAL BUG WEATHER SERVICE WASHINGTON DC


...REMOTE CODE EXECUTION BUG IN LIBPURPLE IS UNPATCHED IN ADIUM...

SUMMARY OF 00:18 UTC


DESCRIPTION

A BUG HAS BEEN DISCOVERED IMPACTING THE INSTANT MESSAGING LIBRARY "LIBPURPLE". THIS BUG ALLOWS REMOTE EXECUTION OF CODE WITHIN LIBPURPLE VIA MECHANISMS TO BE DESCRIBED IN CVE-2017-2640. ADIUM MAINTAINERS HAVE BEEN INFORMED BUT NO RESPONSE HAS BEEN RECEIVED. ADVISE ALL USERS TO CEASE USING ADIUM UNTIL FURTHER NOTICE.


WATCHES AND WARNINGS

ALL RECIPIENTS RUNNING ANY VERSION OF THE ADIUM EXECUTABLE ON MACINTOSH OPERATING SYSTEMS ARE AFFECTED


DISCUSSION

According to a message posted to the Full Disclosure mailing list on March 20, 2017, the Adium maintainers were contacted about a security bug in libpurple that has been assigned CVE-2017-2640 (which is not public at this time). The maintainers of Adium have not yet responded to the notification. All versions of Adium are therefore considered insecure until an update is issued.