I wasn’t going to write about this because it has such a notoriously self-serving marketing slant (e.g. “we’re just trying to improve OS X by publishing early warning to you about its flaws”) but I just can’t get around the fact that people are still under the impression that life will be safer if they choose X (pun intended) operating system. So, here it is in all its glory, the Month of Apple Bugs (MOAB) with four bugs so far (one-a-day):
- A vulnerability in the handling of the rtsp:// URL handler allows remote arbitrary code execution.
- A vulnerability in the handling of the udp:// URL handler allows remote arbitrary code execution.
- A vulnerability in the handling of the HREFTrack field allows cross-zone scripting, leading to potential remote arbitrary code execution.
- A format string vulnerability in the handling of iPhoto XML feeds title field allows potential remote arbitrary code execution.
And just for further perspective, there are some excellent resources by people who notify their user communities about proper patching and maintenance of Apple systems (no scary exploit warning tactics needed). For example, James Madison University has a nice page open to the public. Don’t get me wrong, I’m all for disclosure, but I’m also curious about the fine line between public communication with manufacturers and the risk of narcissism.