Post - Month of Apple Bugs continues but fixes start to flow
Source ITwire.com
Quote:
The Month of Apple Bugs (MoAB) team has turned its attention to the popular cross-platform VLC media player, revealing a bug that purportedly affects the Mac OS X and Windows versions.
"By supplying a specially crafted string [to the udp:// URL handler], a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."
Given that VLC is an Open Source project, we would expect a fix to be released shortly. For now, we'll just be especially careful about the files and playlists we open with this application.
In related news, Landon Fuller has created and released a patch to fix the QuickTime RTSP buffer overflow that was the subject of MoAB #1. The patch requires Unsanity's free Application Enhancer utility. He also notes that disabling the RTSP handler (as suggested by the MoAB team) may not provide protection against exploits as there are other vulnerable entry points.
"If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out," writes Fuller.
