“Alan Oppenheimer of Open Door Networks (which provides Mac security tools and information) alerted us to an apparent denial-of-service hack embedded in the latest Month of Apple Bugs web page,” MacInTouch reports.
For most of today, we’ve been looking into a situation discovered here where the Month of Apple Bugs project may actually be attempting to hack Mac users who pull up the most recent bug in their browsers. It’s still unclear exactly what browsers in what versions of Mac OS X, but we’re sure enough something’s going on that we thought we should let people know.
MacInTouch reports what is known right now:
• The page for bug #29 contains the following HTML:
<img src="bug-files/heat-up.jp2" alt="" height="1" width="1" />
<!-- Never use the macbook at bed again when browsing the MoAB or you will fry your balls, looper -->
• The referenced .jp2 (JPEG 2000) file hangs up at least one copy of Safari running on Mac OS 10.4.8 (with all security updates installed) and requires a force quit. It’s unknown if anything else bad is done. It does not hang at least one other copy of Safari (on a Leopard build) and various copies of Firefox. The jp2 file, at first glance, looks normal (although we’ve no JPEG expertise here), but is 344KB big.
• There was a JPEG 2000 OSX vulnerability previously, but in theory it was fixed in 10.4.8. This is almost certainly a different bug.
• There’s an ongoing discussion of this issue in the MoAB Fixes Group, confirming some things.
• Apple has been alerted, and others are looking into the issue as well.
Full article here.
If it’s true, they need to be prosecuted just like anyone else who tries to hack other people’s personal property.
Pushing the envelope just a little too far.
F%&K these AssH$s;.
Must be paid by Microshaft.
We hate grandstanding scumbags like these Bug guys.
I POOP on these Leno-sucks!
I agree with Toby. This is illegal; they should be prosecuted.
Aren’t they supposed to be anonymous? Soon they’ll be John Does #1 and #2.
1. Assholes
2. Okay, they made an image that crashes a program. So?
Productive, aren’t they?
Perhaps not as bad as the guys just arrested for planning to kidnap, torture and behead a British soldier in the UK… but I’d still squeeze their tiny testicles to pulp. Not that I’m violent or anything.
Alberto Gonzalez, hello! Time to sic the DOJ on these fools!
Neutral and unbiased, my a$$!
Camino is not affected by this.
I’ll bet this isn’t even the Bug o’ the Month Club people…! You’d have to think they would realize that “we” the Mac community would be able to find that code pretty easy, and I doubt that they would use such vulgar language, if they are truly trying to be taken seriously. I’d be willing to bet that this jpg thingie was hacked onto their page…! Wonder what computer their website is run on? ; )
Get a grip guys. This is actually a good thing. It spots a vulnerability in the OS.
This may expose other similar weaknesses as well.
Apple will fix it and that will be one less bug that anyone can exploit.
It’s only a matter of time until the first one appears.
In case it wasn’t apparent before, the MoAB guy LMH (little mac hater) is a dick.
I am running Safari on 10.3.9 and it did basically tie up the browser. However the page worked in Opera.
<sarcasm>I would like to stick a lit cigarette in his eye if I were to ever meet him.</sarcasm>
Nothing happens with Firefox 2.0.0.1.
Got Virus? “It’s only a matter of time until the first one appears.”
Perhaps, but so far it’s been almost 6 blissful years without a virus to worry about. Or any other malware for that matter. I think I can live with that.
I think I’ll just sit back and let MDN tell me when there’s something to take note of on the MoAB site.
.
.
It’s just safer that way.
.
.
Right?
Haven’t been back since MacDailyNews stopped posting them over here, BUT seems that if the vulnerabilities had continued to be listed here, then fewer users would have needed to go to their site anyway.
I knew it – who do we sue?
Well, here it comes, sciggaley thingys for the Mac – Only 113,000 more to go and we’ll have caught up to Windhoes.
It is possible that this was hacked onto their page. But given the nature of the MoAB people, it’s not unreasonable that they themselves did this.
When was the last time you heard anything about the “Month of Mac Bugs”? Three weeks ago?
The poor slobs expected the Internet to explode in terror as their slew of shocking exploitations chilled Mac users everywhere to their core, unplugging their ethernet cables to protect themselves from the coming storm. Instead, people looked at their first few bugs, said “Is that the best you can come up with?”, shook their head and laughed, and went on with their lives.
I imagine the MoAB guys are in a pretty bad mood right about now. I’m not surprised that they’d try a bitter stunt like this. “Ignore US, will you? We’ll show you! We’ll show you all!”
Of course, since most Mac users don’t care about their pissy little crusade, and aren’t visiting the site, very few will be impacted by this.
No but really – Is it perfectly alright for anyone to publicly announce that they’re going to be “looking for holes” in someone else’s product? Basically advertising that they will be creating bad things meant to explore the proverbial vulnerabilities of a software product? If something they create gets out, whether it’s really bad or just sort of a nuisance, is there absolutely no culpability? Ooops, that’s it? You gotta be kind’n me.
That would be 113,999
That was weird. Safari just had a hang-up. Had to force quit. Could MoAB have placed something here?
Hrm, seems to be QuickTime .. downloaded it, tried to open it in Preview, hung the Finder and Preview .. tried to open it in QT in Windows XP with Parallels, blew that up too..
Those guys are playing with fire. Even with the disclaimer, if they intentionally planted a bomb on their web page, they should be prosecuted.