Month of Apple Bugs - First Bug Unveiled
ens0niq writes "The first bug (a Quicktime rtsp URL Handler Stack-based Buffer Overflow) of the Month of Apple Bugs has been unveiled — as previously promised — by LMH and Kevin Finisterre. From the FAQ: 'This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple.'"
At this rate 30 bugs will be found. Or I could use the Linux Cop Out... explaining that Quicktime is actually a third-party application that is bundled with the OS, not the OS itself. Actually, this could be rather serious: Quicktime likes to load automatically on Macs, and it is rather tightly integrated with the OS. So an email virus could be made that will work via webmail just as in Mail.app, because Quicktime files are considered to be a low-security item. Still, being a buffer overflow, I am not sure how platform-independent the hacks can be. Infecting Intel only or PPC only? If Intel only, could the hole be in Quicktime for Windows too, and a possible dual-OS virus?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Given Apple's tendency to sue just about anything that moves so that they can preserve the "reality distortion field," are these researchers not afraid of being sued out of existence?
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
What's wrong with all the haters? No balls to show who they really are so they hide behind the AC moniker. Pussy!
This is in response to some of the nonsense above...
.. what the hell kind of attitude is this? It reminds me of people who say things like "I'll never have a million dollars." .. no shit, with that attitude you won't even TRY.
There is only one irresponsible party here: APPLE. Apple is shipping these security bugs. Apple is allowing hackers into your computer. Apple isn't doing their due diligence. Apple is selecting features over security. Apple is taking shortcuts by shipping open source software. And so on. Yes, many of us love Apple. Yes, many of us are programmers and we hate to think that someone would hold us responsible for the security of our programs. But when a vendor ships software with security holes and someone else reports it, I have a very hard time blaming the latter. I want to know what's wrong with the vendor, and why they can't perform the same effort that gets these bugs found out in the wild.
How many times have I read on Slashdot something like: "All software has security holes. Period."
At this point, the state of security in the computer industry is utterly, unacceptably ridiculous. I'm pretty sure that stunts like the "month of bugs" won't fix it, because nobody even bothers to point fingers at the vendor any more. The only answer, I think, is legislation. We have to hold programmers accountable just like doctors, lawyers, and other people whose work is vital to the functioning of our society.
Yes, YOU, Mr. Philosophy Major who "picked up a PHP book one day" and are now cranking out shitty code by the bucketful, you're part of the problem, not the solution.