14 DAY TRIAL // January doesn't seem a good month for bugs, since it's rather cold in most parts of the world, but if we're talking about computer software applications bugs, it's never cold or hot enough for them not to be around, and I just found out about a bunch of new ones...
As you may already know, the Month Of Apple Bugs, shortly known as MOAB, is over. During the last two days, there have been two entries on their website, and the last one still needs to have some details added, so I guess we'll talk about LMH's and Kevin Finisterre's work tomorrow too, but let's talk about the things known at this time now, shall we?
The title of the entry made on the 30th on the MOAB website is "Multiple Apple Software Format String Vulnerabilities", and the description sounds rather scary. Check this out: "Apple Help Viewer, Safari, iMovie and iPhoto are affected by multiple format string vulnerabilities, related to certain functions from AppKit that have been documented in previous releases." Oh, my!
Even more interesting, according to isfym.com, the page from the MOAB site that presents the issue found on the 29th of January, iChat's vulnerability that I told you about yesterday, contains an exploit for the Safari browser that can lead to an application hand, resulting in the need to force quit Apple's web browser as a consequence.
Getting back to the last bugs, it seems that new format string issues have been found in Apple's Help Viewer, Safari, iMovie and iPhoto, and these programs add to the Apple Installer, Software Update, iChat and iPhoto previously found similar problems. At this time, it seems there's no workaround for these problems, but at least they are not to be considered severe security threats.
At last, the last problem found by the Month Of Apple Bugs project is entitled "Unspecified Kernel Remote Fun", and its description is "Pull the plug, beware of evil RF.", without any additional details, but stay tuned - I'll let you know more about this tomorrow, for sure. In the meantime, I guess Apple has to start working on the next security update(s)...