Apple Security Flaw Exposure Begins
As of Jan 1, 2007, two security researchers started posting a bug a day related to Mac OS X. They’re doing this in an attempt to force Apple to be more transparent about its flaws and more active in fixing them. As of Jan 2 they’ve posted one Media Player Format String Vulnerability and one QuickTime Buffer Overflow in its URL Handler.
This work is being carried out by independent security researcher Kevin Finisterre and a hacker known only as LMH.
While some of the bugs might be lower security risks, some will be significant risks, including exploits in the kernel. Besides OS X, they will also be targeting iTunes, Safari, iPhoto and QuickTime.
For more details you can check out this PCWorld article, or better yet, check out the MOAB’s FAQ page (MOAB == Month of Apple Bugs).