Coffeehouse Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

the month of apple bugs

Back to Forum: Coffeehouse
  • User profile image
    brian.​shapiro

    the Month of Apple Bugs,

    website for the project:
    http://projects.info-pull.com/moab/

    article on PICT bug which could allow arbitrary code execution:
    http://www.itwire.com.au/content/view/8895/53/


    MoAB maintains pressure on Apple      
    By Stephen Withers    
    Wednesday, 24 January 2007 
    The Month of Apple Bugs project is maintaining its recent focus on software actually emanating from the Cupertino-based company with the disclosure of a flaw in QuickDraw, the venerable graphics toolbox that dates back to the earliest days of the Macintosh.

    The flaw relates to the way PICT images are decoded, and it is significant because programs commonly use QuickTime to display such images, and QuickTime calls upon QuickDraw when presented with a PICT images. PICT was introduced in 1984 as the standard metafile format for Mac software, and it caters for vector and bitmapped objects.

    MoAB's LMH has discovered that a malformed PICT image can be used to corrupt the contents of memory, potentially allowing the execution of arbitrary code although that "can't be stated as [a] currently viable condition."

    The danger is that users could be induced to open a malicious web page that includes a PICT file containing the exploit.

    This exploit is reminiscent of previous vulnerabilities found in software used by Windows and Mac OS X to display other graphics formats including TIFF and BMP.

    The suggested workaround is to "Use RCdefaultApp to disable any file and MIME type associations related with PICT files", thus preventing a browser or other application from automatically opening PICT files. RCDefaultApp is a free utility from Rubicode.
     

  • User profile image
    Jack Cade

    I was quite impressed that a developer totally unaffiliated with Apple was able to fix 20 of the 24 bugs posted so far, and Apple has only fixed one so far.

  • User profile image
    cescotto

    Jack Cade wrote:
    I was quite impressed that a developer totally unaffiliated with Apple was able to fix 20 of the 24 bugs posted so far, and Apple has only fixed one so far.


    I don't think it's all that hard when the vulnerability is detailed (and MoAB details them very well with debug info, etc). Just disassemble, fix and reassemble Tongue Out

  • User profile image
    Jack Cade

    cescotto wrote:
    
    Jack Cade wrote:I was quite impressed that a developer totally unaffiliated with Apple was able to fix 20 of the 24 bugs posted so far, and Apple has only fixed one so far.


    I don't think it's all that hard when the vulnerability is detailed (and MoAB details them very well with debug info, etc). Just disassemble, fix and reassemble


    You missed out test Tongue Out
    Of course it is a little harder if you do not have access to the source code.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.