Slashdot Mirror


Month of Apple Bugs - First Bug Unveiled

ens0niq writes "The first bug (a Quicktime rtsp URL Handler Stack-based Buffer Overflow) of the Month of Apple Bugs has been unveiled — as previously promised — by LMH and Kevin Finisterre. From the FAQ: 'This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple.'"


  1. QuickTime runs on Windows too... by ClaraBow · Score: 0, Redundant

    So doesn't this affect it also?

    1. Re:QuickTime runs on Windows too... by ClaraBow · Score: 1, Redundant

      Okay, since I jumped the gun, I will answer my own questions: RTFA, yes it does!

  2. Re:At this rate by jokell82 · Score: 1, Redundant

    Explaining that Quicktime is actually a third party application that is bundled with the OS not the OS itself.

    Actually that's (partially) true. It's not third party since it's developed by Apple, but the fact that it also affects Windows shows that it's not an OS X bug, but a Quicktime bug.

    But as another comment has pointed out, this is a month of Apple bugs, not OS X bugs.
    --
    I dunno who it is
    but it prolly is fhqwhgads.

  3. Re:There are likely thousands of security problems by TheRaven64 · Score: -1, Redundant

    It's not just C though, Apple generally uses Objective-C, which is an object-oriented extension of C.

    Depends where you're looking. Things like Quicktime are written in C. The kernel is mostly C, but drivers are written in Embedded C++, which is a subset of C++ that is easy to compile to efficient code, but a bit nicer to use than plain C. The higher-level stuff is mainly Objective-C, with some bits done in C for speed, and some are even implemented in AppleScript (although not much). Apple seem to be one of the few companies that understands the concept that there is not yet a programming language that fits all requirements. Unfortunately, C++ and Objective-C programs still tend to use pure C-syntax stuff in speed-critical places, and it's easy for bugs to creep in.
    --
    I am TheRaven on Soylent News