Linked by Thom Holwerda on Tue 2nd Jan 2007 17:45 UTC, submitted by odnomzagi
Mac OS X: The first Apple bug (Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow) of Month Of Apple Bugs has been unveiled - as promised - by LMH and Kevin Finisterre. This bug is the first in a month-long series.
RE: Re: Bugs.
by brewmastre on Tue 2nd Jan 2007 19:10 UTC in reply to "Re: Bugs."

"I am a Linux and OSX user. I say bring it on. :-)"

Amen brother ;)

One question though...has anybody else tried these exploits to see if they are real? How do we know that they're not just a hoax? Also, does it state somewhere what version of OS X they are running?
Here's the reason I ask:

"$ ruby exploit.rb
(...)
(gdb) r pwnage.qtl
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program:
/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player pwnage.qtl
Reading symbols for shared libraries . done
Reading symbols for shared libraries + done
sh-2.05b$ id"

Anybody else notice that the shell prompt changes, but the almighty 'haxor' didn't change shells?! Something seems a little strange.

Edited 2007-01-02 19:15


RE[2]: Re: Bugs.
by ddpbsd on Tue 2nd Jan 2007 19:57 in reply to "RE: Re: Bugs."

The exploit is supposed to return a shell. It probably didn't end up being a login shell.
