Month of Apple bugs being fixed

Today is the third day in the Month of Apple Bugs (a.k.a. MOAB). MOAB is run by Kevin Finisterre and a hacker known as LMH, sponsor of the Month of Kernel Bugs. The project began with Monday's exposure of an rtsp URL handler stack-based buffer overflow in QuickTime where "A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution."

Yesterday's bug was a udp:// format string vulnerability in VideoLAN's open source VLC media player, which allows remote arbitrary code execution. As the VLC exploit shows, the group isn't only attacking Apple products (although "they are the main focus"). They'll also "be looking over popular OS X applications as well."

While the group responsible for the exposure of the flaws seems to have a vendetta against Apple and their users, they claim that they don't. "Getting problems solved makes that use a bit more safe each day, for everyone else. Flaws exist, with and without people disclosing them."

A modern-day Robin Hood named Landon Fuller has come to the rescue with a mission to patch each of the bugs exposed by LMH and the MOAB:

"So, part brain exercise, part public service, I've created a runtime fix for the first issue using Application Enhancer. If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out."

I hope that Apple is paying attention to MOAB and that smart developers are going to help Fuller in his efforts. We don't need another black cloud hanging over next week's Apple love fest by the bay.

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....