“LMH” and Kevin Finisterre have begun the Month of Apple Bugs, a self-described initiative to “improve Mac OS X” by “finding security flaws in different Apple software and third-party applications designed for” Mac OS X. The initiative kicks off with a description of a flaw that affects QuickTime 7.1.3.

Labeled as “MOAB-01-01-2007,” it describes a vulnerability in QuickTime’s ability to handle Real Time Streaming Protocol (rtsp) hyperlinks.

“By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition,” say the developers.

“Exploitation of this issue is trivial, and stack NX can be rendered useless via ret-to-libc,” they continued.

The problem affects QuickTime 7.1.3, the current shipping version on both Mac OS X and Microsoft Windows. The MOAB team offers instructions for how to reproduce the problem, and indicates that the only workaround for it is to disable the rtsp:// URL handler, uninstall QuickTime “or simply live with the feeling of being a potential target for pwnage.”
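For sites that cannot remove the handler right away, content can be screened for the string shape the advisory describes. The following is an added example, not code from the MOAB team or Apple: a Python heuristic that flags rtsp:// URLs in HTML, JavaScript or QTL content whose text after the first semicolon is unusually long. The 256-byte threshold, the function name and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the advisory quotes 299 bytes of padding after the semicolon,
# so a post-semicolon segment of 256 bytes or more is treated as suspicious.
MAX_SEGMENT_BYTES = 256

# An rtsp:// URL as it would appear in an HTML attribute, a script string or a QTL file.
RTSP_URL = re.compile(rb"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def suspicious_rtsp_urls(content: bytes, limit: int = MAX_SEGMENT_BYTES):
    """Return (url_prefix, segment_length) for every rtsp:// URL whose text
    after the first semicolon is at least `limit` bytes once percent-decoded."""
    hits = []
    for match in RTSP_URL.finditer(content):
        head, sep, tail = match.group(0).partition(b";")
        if not sep:
            continue  # no semicolon, so not the shape described in the advisory
        decoded = unquote_to_bytes(tail)  # measure %41-style encodings as one byte each
        if len(decoded) >= limit:
            hits.append((head.decode("ascii", "replace"), len(decoded)))
    return hits


# Constructed sample inputs (not taken from the advisory).
BENIGN_HTML = b'<a href="rtsp://media.example.com/live.sdp;transport=tcp">watch</a>'
CRAFTED_QTL = (
    b'<?xml version="1.0"?>\n<embed src="rtsp://host.example/a;'
    + b"A" * 299  # padding only, no payload
    + b'" />\n'
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_HTML), ("crafted", CRAFTED_QTL)):
        print(name, suspicious_rtsp_urls(blob))
```

A URL that embeds raw quote or whitespace bytes is cut short by the pattern, so treat a clean result as one signal rather than proof that content is safe.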

“Pwnage” is Internet slang for being badly beaten by an opponent; the term originated with gamers.

LMH is the pseudonym of an as-yet unnamed hacker, and Kevin Finisterre is founder of Digital Munition and a Mac user. Finisterre has been credited with the creation of the InqTana worm, a Java-based proof of concept worm that exploited a vulnerability in Bluetooth on some Macs, which first came to light in February, 2006.