A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple's OS X operating system or in Apple applications that run on top of it.
The "Month of Apple Bugs" project began on Jan. 1 and is being orchestrated in part by a security researcher who asked to be identified only by his online alias "LMH." This is the same researcher who in November ran the "Month of Kernel Bugs" project. LMH's partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years.
The security researchers told the Washington Post that, as with Apple bugs featured during the MoKB project, Apple would receive no advance notice of the forthcoming security problems. The security researchers hope to use the project to dispel the perception that Apple systems are free of the security bugs that have long plagued Windows users.
In two days, as promised, two bugs have been publicized, both of which allow remote arbitrary code execution:
- Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
- VLC Media Player udp:// Format String Vulnerability
Is this the end of the "bulletproof" Mac?