“A software engineer has vowed to quickly provide a patch for flaws in Apple Computer software that are set to be made public by researchers Kevin Finisterre and the pseudonymous LMH this month,” Tom Espiner reports for CNET News.
Espiner reports, “The vulnerability researchers’ ‘Month of Apple Bugs’ project, launched Monday, promises to announce a hole in Apple software on each day in January. However, a senior open-source developer with extensive experience working for the Mac maker says he is attempting to offer a fix for each flaw found.”
Espiner reports, “Landon Fuller was an engineer in Apple’s BSD Technology Group and is one of the principal architects of Darwin, an open-source, Unix-like operating system designed to work alone or as a core set of components for Mac OS X. He has already offered patches for the two vulnerabilities published by the Month of Apple Bugs project so far.”
Landon Fuller’s fixes and more: http://landonf.bikemonkey.org/code/macosx/
MoAB #2: VLC Media Player udp:// Format String Vulnerability – January 03, 2007
MoAB #1: Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability – January 02, 2007
Starting January 1st: “Month of Apple Bugs” – December 19, 2006