The “Month of Apple Bugs” (MoAB) continues:
LMH writes, “The following description of the software is provided by vendor (VideoLAN):”
VideoLAN is a software project, which produces free software for video, released under the GNU General Public License. The main product is the cross-platform VLC media player. The VLC media player is a highly portable multimedia player for various audio and video formats (MPEG1, MPEG2, MPEG4, DivX, mp3, ogg, …) as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
LMH writes, “A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC.”
LMH writes, “This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version).”
Full article here.
VideoLAN plans an update to VLC soon: “Updated binaries for Windows and MacOS X are not available yet. The VideoLAN project apologizes for any user inconvenience; as a volunteer activity, we cannot keep up with a zero-day security vulnerability disclosure.” More info: http://www.videolan.org/sa0701.html
Already — on just the second day of his irresponsible odyssey — LMH* is forced to try to make a bug in VideoLAN’s VLC qualify as an “Apple bug.” Fool.
We have no problem with people identifying “bugs,” if they report them to Apple first so that they can be fixed. To simply post “bugs” online for everyone, including Apple (and, in this case, VideoLAN) to find out about simultaneously is irresponsible, contemptible, and smacks of a desperate cry for attention/FUD campaign.
Doing it the right way means finding the issue, reporting it to Apple, and a fix being issued with a credit/thank you from Apple.
Doing it LMH’s way means finding the “bug,” posting it online, jeopardizing users, getting his name in articles, generating a bunch of sensationalist and incorrect Apple Mac security articles, and a fix being issued from Apple (or, in this case, VideoLAN).
So, on Day #2, with only one Apple “bug” revealed so far, LMH’s batting average has already been sliced in half. How long until he strikes out? Or do you think he’s out already after today’s caught foul tip?
*Just guessing: Loser Most Hated?
Related MacDailyNews articles:
MoAB #1: Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability – January 02, 2007
Starting January 1st: “Month of Apple Bugs” – December 19, 2006
Landon Fuller, former engineer at Apple’s BSD group is providing patches to the bugs:
http://landonf.bikemonkey.org/code/macosx/
LMH is a dumbass.
Sounds like Chicken Little trying to swing the big bat….
MW:want, as in “Want, the scourge of mediocrity”
How about the fact that this person is so detestable that he used the drawing of the Unabomber as his non-persona?
MDN Magic Word: “Values” as in this guy has NONE
“and smacks of a desperate cry for attention/FUD campaign.”
So why continue to repost it?
LMH is just looking for attention, as they admit.
It’s the nerd version of Hilton.
How many people actually use this software? I’ve never heard of it. Yikes! Desperate or what?
Isn’t he already a day behind? This is January 3 and he’s only listed two purported bugs, one of which isn’t even an Apple problem.
LOL
iScott,
You’re not serious are you?! MDN is supposed to ignore something called “Month of Apple Bugs?” What are you, four-years-old?
You people who randomly call for MDN to ignore this or that person or story (examples: Enderle, Dvorak, etc.), thinking that “it’ll just go away,” are, at best, naive.
You don’t ignore something hoping it’ll just go away. For an extreme example, see: Adolf Hitler.
You shine a bright light on something and let people see it, so they know that others know something’s wrong with it, too.
Yeah Judge Bork and you forgot to mention terrorists. Liberal scum like to put their heads in the sand and hope it goes away. Fat chance. Up yours Always Right.
Pathetic LMH. Simply pathetic. I think it’s safe to say that we’re going to start properly ignoring you now.
Get a grip and get back on topic loser…
Yes it is important to see a problem. People are mainly unhappy about looking at obvious self promotion.
To Judge Bork and Impeached liar Clinton …A little decorum please.
(I am just a simple Canadian but if I recollect he wasn’t impeached).
Malicious intent might not be too hard to argue, I suspect.
I believe this guy is posting information on these bugs because Apple has failed to fix them. He already reported them to Apple. That’s why he’s doing this. Apple has ignored them as not being important enough.
After a total absence for a couple of days …
The refurb store is just chock full of delicious used iMacs at good prices again. Yummy!
I retract what I said. I thought he was sending the information to Apple first. He’s a jerk.
I’ve used VLC. When Quicktime won’t play something, VLC often will.
You know. Bit Torrent Pr0n AVI files. That kind of thing.
Buster,
Clinton was impeached, in that he was summoned before the Senate to answer for charges that could have led to his involuntary removal from office.
“Impeachment occurs so rarely that the term is often misunderstood. A typical misconception is to confuse it with involuntary removal from office; in fact it is only the legal statement of charges, parallelling an indictment in criminal law. An official who is impeached faces a second legislative vote (whether by the same body or another), which determines conviction, or failure to convict, on the charges embodied by the impeachment. Most constitutions require a supermajority to convict.”
How is a flaw in software that Apple does not own or control an Apple bug? I’m actually quite pleased that Mac OS X is so secure, that these guys have to look at vendor software to find a bug.
OTOH, if we were to classify every bit of buggy software for Windows as a Microsoft flaw…
OMT, suppose I write a program that incorrectly calculates future calendar dates. Would these guys jump up and call it an “Apple” flaw? Sounds like it. It will be interesting to see how many more flaws are real or imagined by these freaks.
Off topic:
B-b-b-b-but… Clinton!
<Sorry – couldn’t resist.>
B-SABRE
Technically you are right.
“If the full House approves at least one article of impeachment, the President is technically impeached and the matter is referred to the U.S. Senate.”
However, since the senate dismissed all counts against Clinton, I guess in most people’s eyes except for these ranting conservatives I see with their childish posts (and yes before people go ape-shi*, I see liberal ones too), then he was found not guilty. It seems paradoxical that you can be guilty and not guilty at the same time.
Simple Canadian – He was impeached just not convicted. No biggie – with Public education most citizens of the U.S. don’t even know the difference.
A month of Apple Bugs (sort of) or a decade of Microsoft Bugs.
You make the call
“It seems paradoxical that you can be guilty and not guilty at the same time.”
What, like my friend OJ?
MW WORD
cptnkirk, VLC is a very popular and excellent media player. I suspect this is how it ended up on the list. He’s somehow blaming OS X for poor URL handling at the system level, I guess.
Liberal scum like to put their heads in the sand and hope it goes away
As opposed to Republicans who like to fund despots and terrorists, arm them and train them (Mujahaddin, Nicaraguan Contradoras and the Somoza crime family before them, Pre-1990 Saddam Hussein, Manuel Noriega et al, ad infinitum) and then wonder why there is a problem.