Month of Apple Bugs - First Bug Unveiled

ens0niq writes "The first bug (a Quicktime rtsp URL Handler Stack-based Buffer Overflow) of the Month of Apple Bugs has been unveiled — as previously promised — by LMH and Kevin Finisterre. From the FAQ: 'This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple.'"

Apple Vs. Security Researchers

[porkchop_d_clown]

Apple has had poor relations with security researchers for years. Partly it's because of the smug attitude of many Apple users - who assume that because they don't get attacked their OS is more secure; but part is also the researchers themselves.

The flame wars over the airport card exploits is a good example - first, the researchers used a 3rd party card which meant it had little to do with OS X problems, which created a number of he-said-she-said arguments. As I understand it, the airport exploit was (is still?) real, but the arguments created a lot of ill-will on both sides.