Month of Apple Bugs Cleans Up Apple Software
Landon Fuller has announced January 2007 as Month of Apple Bugs, an ambitious initiative intent on announcing a new flaw in Apple software during every day of the month. Fuller described the initiative on his blog as "part brain exercise, part public service." Once a bug is found in Apple software, Fuller promptly develops and issues a patch to protect Apple users against the vulnerability, free of charge and independently of the vendor's supervision.
Fuller was an engineer in Apple's BSD Technology Group, so he has extensive knowledge of Apple. He is also one of the architects of Darwin, an open-source operating system designed to work alone or as a core set of components for Mac OS X. So far, he has offered patches for the two vulnerabilities published by the Month of Apple Bugs project. On Tuesday, Fuller published a patch for a QuickTime vulnerability; the patch uses Application Enhancer, a piece of software designed to improve the way applications behave. The second vulnerability was a format string vulnerability in the VLC media player, an open-source program, that allows remote attackers to execute arbitrary code. VLC published a patch shortly after the vulnerability was discovered and reported by Kevin Finisterre, who is collaborating with the project.
"I've created a runtime fix for the first issue using Application Enhancer," Fuller wrote on his blog. "If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out."