The second flaw warning in the Month of Apple Bugs project covers a remote code execution issue in the cross-platform VLC media player distributed by VideoLAN. A working exploit for the vulnerability, which follows yesterday's QuickTime security hole, has been released alongside a warning that it targets a format string vulnerability in the udp:// URL handler.
"By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC," said an advisory from LMH and Kevin Finisterre, the two hackers behind the project. The flaw and exploit were successfully tested on VLC version 0.8.6 for Mac OS X. David Maynor of Errata Security has confirmed that it also affects Windows users.
News source: eWeek

If Opera has a bug that affects Windows and Linux, would that be filed under Linux stories?
Edit: oh yeah, need to fix this, I'm using it on my pc
But, if they release these without giving the company time to fix it, then it's just being a pain/attention seeking.
Let's be clear, Apple isn't much better about this at times. There are several known bugs for various software applications from Apple that have gone unfixed for quite some time now.
That said, I find it hard to read this news without wondering about the intentions behind it. To be fair, the guys behind MOAB have stated that they will be focusing on Apple software, they will be looking at all popular software for Mac OS X. Still, this is a bug that affects a cross-platform application on more than one of its target platforms. That in and of itself should keep this from being tied to OS X as a vulnerability with that OS. Point-in-case, the title of this story and its "Bug Bites at Apple" ending... come on, that's just a pathetic attempt at garnering attention.
Beyond that, there's a severe lack of professional courtesy behind this.
Last edited by dp123 on 03 Jan 2007 - 21:25
See here:
http://landonf.bikemonkey.org/code/macosx/