Anyone paying attention to this? "Month of Apple Bugs"
Anyone paying attention to this? "Month of Apple Bugs" - timg - 01-02-2007

http://projects.info-pull.com/moab/

Second one isn't even Apple code, it's VLC.

Re: Anyone paying attention to this? "Month of Apple Bugs" - elmo3 - 01-03-2007

The second one *is* Apple code.

"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC. It's not VLC itself; it's Apple's code.

Re: Anyone paying attention to this? "Month of Apple Bugs" - Pat - 01-03-2007

FAQ on the linked page.

3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.

Re: Anyone paying attention to this? "Month of Apple Bugs" - M A V I C - 01-03-2007

[quote elmo3]The second one *is* Apple code.

"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

The Apple code dealing with the udp:// URL handler is such that a specially crafted string by a remote attacker could cause arbitrary code execution under the privileges of the user running VLC. It's not VLC itself; it's Apple's code.[/quote]

Did you miss this part?

Affected versions
This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version).

If it's Apple's code, why does the exploit also apply to Windows?

And if uninstalling VLC is a fix for this situation, how does that not make it a VLC issue?

Re: Anyone paying attention to this? "Month of Apple Bugs" - mikebw - 01-03-2007

As an aside, wouldn't the Windows equivalent be something like a hundred years of Bugs?

Re: Anyone paying attention to this? "Month of Apple Bugs" - timg - 01-03-2007

Well, 3 days into the month and it seems they have run out of bugs already ... or at least they forgot to update their site today.