Slashdot Mirror


Month of Apple Bugs - First Bug Unveiled

ens0niq writes "The first bug (a Quicktime rtsp URL Handler Stack-based Buffer Overflow) of the Month of Apple Bugs has been unveiled — as previously promised — by LMH and Kevin Finisterre. From the FAQ: 'This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple.'"

6 of 240 comments

  1. Re:QuickTime runs on Windows too... by antime · · Score: 4, Informative
    RTFA:
    Affected versions

    This issue has been successfully exploited in QuickTime(TM) Version 7.1.3, Player Version 7.1.3. Previous versions should be vulnerable as well. Both Microsoft Windows and Mac OS X versions are affected.

  2. removed, but... by ens0niq · · Score: 3, Informative

    Credit line removed by the editor, but I found this report on HUP.

  3. Re:good thought but I wonder by jellomizer · · Score: 5, Informative

    These people are doing Gray Hat hacking, where, like the White Hats, their goal is not to do damage to other people's computers, but, like the Black Hats, they feel that people need to feel a little pain before anything can get done and that just reporting the problems to the company is not effective enough to get it done. It falls in the range of legal hacking, but it may not be the most moral way of doing it, though. It is like finding a car door open and yelling out "Hey, this car door is open and all the valuables are inside, someone should lock it!" vs. finding the person who owns the car and discreetly telling him that it is unlocked, or just locking the door yourself.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:QuickTime runs on Windows too... by elrous0 · · Score: 4, Informative
    You'll note that it's the "Month of *APPLE* Bugs," not the month of OS X bugs.

    -Eric

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  5. Re:No problem! by Jeff+DeMaagd · · Score: 3, Informative

    I've seen several instances where Apple was aware of a bug but waited months to fix it. Heck, the QuickTime bug that permitted the MySpace virus still runs free according to the last security thread at AppleInsider.

  6. Re:I'm afraid you are incorrect, sir. by 99BottlesOfBeerInMyF · · Score: 4, Informative

    The wireless exploit did apply to Airport cards;

    It is my understanding that the vulnerability you reference as well as the other two they fixed were both the result of an internal audit of their wireless drivers and not the result of the exploit that was publicized. The issue is more than a little muddy, however, and I'd be grateful if you could provide a reference to show either way.