1 Comment

Summary:

The “Month of Apple Bugs” project is pretty much what it sounds like — a month devoted to finding, proving and publishing the details of exploits in Apple hardware and software. Any coincidence that it’s scheduled for the same month as MacWorld can be chalked up […]

The “Month of Apple Bugs” project is pretty much what it sounds like — a month devoted to finding, proving and publishing the details of exploits in Apple hardware and software. Any coincidence that it’s scheduled for the same month as MacWorld can be chalked up to ironic humor on the part of cheeky hackers.

So far, the biggest story has been the discovery of a buffer-overflow vulnerability that can affect Windows and Macintosh machines running QuickTime 7.1.3. All the attacker has to do is send a bogus call to a the RTSP (Real Time Streaming Protocol) URL handler via HTML, JavaScript or through a QuickTime QTL file.

How can you defend yourself? According to LMH and Kevin Finisterre who discovered the vulnerability, “The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage.”

  1. Or, just download the patches that Landon is posting on his blog.

    http://landonf.bikemonkey.org/code/macosx/

    For the ultra-paranoid, download the source, and get the APE SDK from Unsanity, and build them yourself.

Comments have been disabled for this post