
Until recently, "MOAB" was used as an acronym for "Massive Ordnance Air Blast", also known as "Munitions Ordnance Air Blast" and "Mother Of All Bombs", the most powerful non-nuclear weapon ever designed and a descendant of the notorious "Daisy cutter". Moving into the computer field, however, we have another MOAB. Which one? It's the "Month of Apple Bugs", of course!
According to previous statements, the guys involved in this project, LMH and Kevin Finisterre, have a close relationship with Apple staff and are willing to help if asked. I can't tell you whether they really did help the Cupertino-based company with more than just discovering different flaws in Mac OS X and in different products for this operating system, since such information is not available at this time, yet I have something interesting to say about this matter...
If you remember, on the first day of this year, Kevin Finisterre and the guy known simply as "LMH" discovered and published an exploit for a QuickTime 7 vulnerability in the handling of rtsp:// URLs: a specially crafted string supplied by an attacker through HTML, JavaScript or a QTL file could overflow a stack-based buffer, leading to an exploitable remote arbitrary code execution condition.
Successfully exploited in QuickTime 7.1.3, this bug is now a thing of the past: once you download and install Security Update 2007-001, the first update issued this year by Apple for Mac OS X, all worries about this problem should go away. According to Apple, the problem has been addressed by performing additional validation of RTSP URLs.
This update is available for QuickTime 7.1.3 running on Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8 and Mac OS X Server 10.4.8, as well as Windows XP/2000.