
Month of Apple bugs being fixed

Today is the third day in the Month of Apple Bugs (a.k.a. MOAB). MOAB is run by a hacker known as LMH, sponsor of the Month of Kernel Bugs, and Kevin Finisterre. The project began with Monday's exposure of a stack-based buffer overflow in QuickTime's rtsp:// URL handler: "A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution."
Written by Jason D. O'Grady, Contributing Editor on
Yesterday's bug was a udp:// format string vulnerability in VideoLAN's open source VLC media player, which allows remote arbitrary code execution. As the VLC exploit shows, the group isn't only attacking Apple products (although "they are the main focus"). They'll also "be looking over popular OS X applications as well."
While the group responsible for the exposure of the flaws seems to have a vendetta against Apple and their users, they claim that they don't. "Getting problems solved makes that use a bit more safe each day, for everyone else. Flaws exist, with and without people disclosing them."
A modern-day Robin Hood named Landon Fuller has come to the rescue with a mission to patch each of the bugs exposed by LMH and the MOAB:
So, part brain exercise, part public service, I've created a runtime fix for the first issue using Application Enhancer. If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out.
I hope that Apple is paying attention to MOAB and that smart developers are going to help Fuller in his efforts. We don't need another black cloud hanging over next week's Apple love fest by the bay.
