![]() Sounds like there are plenty more bugs to be found. QuickTime for Mac 7.7.0 Download Play any media you want 1/3 Quicktime runs on Mac machines and is primarily used for playing different media files. In addition to the security fix, the iTunes 8.2 release includes support for the upcoming iPhone 3.0 software, which is expected to be unveiled at Apple's Worldwide Developer Conference next week in San Francisco.ĭamian emailed me and confirmed, saying "I have never read this book :) Vulnerability was found by using very trivial fuzzing methods, they are still effective against QuickTime." ![]() In its security advisory, Apple credited both Miller and Put with finding the issue. However, he added, "Had we read the book prior to receiving this issue from Damian, we probably would not have made an offer." Recently three separate researchers submitted identical Internet Explorer flaws within a six-month period. It's not unusual for two hackers to discover the same bug, Amini said. Miller and Dai Zovi's book lists for US$50.Īlthough Put used a different technique from Miller and Dai Zovi to find the issue, TippingPoint didn't know that it had bought the bug in "The Mac Hacker's Handbook" until Apple informed it about a week ago, according to TippingPoint's security research manager, Pedram Amini. Although TippingPoint wouldn't say what it paid Put for the flaw, companies typically pay thousands of dollars for bugs like this. After members of Apple's security team approached him at the conference to ask about the issue, he handed over the exploit code, he said Monday.Ĭoincidentally, another Mac hacker, Damian Put, sold the same flaw one month later to 3Com's TippingPoint division, which also reported the issue to Apple. Miller disclosed during a talk at the CanSecWest conference in March that he had hidden instructions for finding the flaw in his book. "I didn't show the bug, but I gave the recipe for how to find it." "If you followed all the steps you would find. In an interview Monday, Miller said he put instructions for finding the bug in a section of the book that describes how to find flaws in Apple's software. However, it turns out that one flaw - a bug in the way QuickTime reads files that are compressed using the JPEG 2000 (JP2) compression standard - was partially disclosed in Charlie Miller (pictured, right) and Dino Dai Zovi's (left) book, "The Mac Hacker's Handbook," released in March. Most of the bugs were not publicly known of before today's updates, so it's unlikely that they were exploited by cyber-criminals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |