Month of Apple Bugs Releases QuickTime Flaw

The Month of Apple Bugs project—a follow-up to a Month of Kernel Bugs and a Month of Browser Bugs—vowed to release details of bugs and security exploits in Apple’s Mac OS X operating system and popular Mac OS X applications…and the project is off and running, publicizing the details of a possible security exploit in Apple’s QuickTime software in which specially crafted rtsp:// URLs overflow buffers. The bug impacts QuickTime 7.1.3 for both Mac OS X and Windows.

The Month of Bugs projects have been the center of some controversy; many software developers and security analysts feel it is irresponsible to publish the details of working security vulnerabilities in widely available software, arguing that doing so only feeds the ever-active malware communities lurking on the Internet’s dark underbelly and raises the possibility of real-world exploits. The responsible thing to do, they argue, is to report the issues to the software vendors and security agencies, and to publicize the details only when a patch or fix is available.

On the other hand, the “report and keep quiet” methodology rubs some people the wrong way: if their computers are vulnerable, they want to know the details now, regardless of whether a patch or fix is available, so at least they know what they’re up against. The participants in the Bug a Month projects—such as the “mysterious” programmer operating under the tag “LMH”—have also expressed frustration at the amount of time software developers like Apple and Microsoft take to patch seemingly trivial vulnerabilities.

In any case, it would appear that Apple’s Mac OS X and key applications—certainly not immune to security problems but thus far spared the malware pain of the Windows world—are under a very public microscope.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…