
January 3rd, 2007

Month of Apple bugs being fixed

Posted by Jason D. O'Grady @ 5:45 am

Categories: Security


Today is the third day in the Month of Apple Bugs (a.k.a. MOAB). MOAB is run by a hacker known as LMH, sponsor of the Month of Kernel Bugs, and Kevin Finisterre. The project began with Monday's exposure of an rtsp URL handler stack-based buffer overflow in QuickTime, where "A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution."

Yesterday's bug was a udp:// format string vulnerability in VideoLAN's open source VLC media player, which allows remote arbitrary code execution. As evidenced by the VLC exploit, the group isn't only attacking Apple products (although "they are the main focus"). They'll also "be looking over popular OS X applications as well."

While the group responsible for the exposure of the flaws seems to have a vendetta against Apple and their users, they claim that they don't. "Getting problems solved makes that use a bit more safe each day, for everyone else. Flaws exist, with and without people disclosing them."

A modern day Robin Hood named Landon Fuller has come to the rescue with a mission to patch each of the bugs exposed by LMH and the MOAB:

"So, part brain exercise, part public service, I've created a runtime fix for the first issue using Application Enhancer. If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out."

I hope that Apple is paying attention to MOAB and that smart developers are going to help Fuller in his efforts. We don't need another black cloud hanging over next week's Apple love fest by the bay.

Jason D. O'Grady is the editor of PowerPage.org, which has been publishing daily mobile technology news since December 1995.


Most Recent of 105 Talkback(s)

Let's be fair
I find it funny that in the article you link to it is clearly stated "not all security bugs can be turned into effective exploits." Yet, any Microsoft security bug that is found is jumped on by...
Posted by: Flying Pig. Posted on: 03/09/07