Apple guru combats month of bugs

by admin January 3, 2007 at 11:19 am

An effort is under way to quickly patch the flaws in Apple software that vulnerability researchers Kevin Finisterre and LMH are announcing this month.

The researchers’ “Month of Apple Bugs” project (MOAB), launched on Monday, promises to feature a new Apple software bug for each day in January. However, a senior open-source developer with extensive experience working for Apple says he is attempting to offer fixes for each flaw found.

Landon Fuller was an engineer in Apple’s BSD Technology Group, and one of the principal architects of the Darwin system: an open-source, Unix-like operating system designed to work as a standalone operating system as well as the core set of components for Mac OS X. He has already offered fixes for the two vulnerabilities published by MOAB so far.

On Monday, MOAB published an advisory for a QuickTime vulnerability that relates to how the media player software handles the Real Time Streaming Protocol, or RTSP. An attacker could create a special RTSP string in a rigged QuickTime file that would cause a buffer overflow, according to the advisory.

Full story: ZDNet UK