Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire , Subscribe to SMS headlines , White Papers
MoAB maintains pressure on Apple E-mail
by Stephen Withers   
Wednesday, 24 January 2007
The Month of Apple Bugs project is maintaining its recent focus on software actually emanating from the Cupertino-based company with the disclosure of a flaw in QuickDraw, the venerable graphics toolbox that dates back to the earliest days of the Macintosh.

Featured Whitepaper

5 Best Practices for Smartphone Support
The flaw relates to the way PICT images are decoded, and it is significant because programs commonly use QuickTime to display such images, and QuickTime calls upon QuickDraw when presented with a PICT images. PICT was introduced in 1984 as the standard metafile format for Mac software, and it caters for vector and bitmapped objects.

MoAB's LMH has discovered that a malformed PICT image can be used to corrupt the contents of memory, potentially allowing the execution of arbitrary code although that "can't be stated as [a] currently viable condition."

The danger is that users could be induced to open a malicious web page that includes a PICT file containing the exploit.

This exploit is reminiscent of previous vulnerabilities found in software used by Windows and Mac OS X to display other graphics formats including TIFF and BMP.

The suggested workaround is to "Use RCdefaultApp to disable any file and MIME type associations related with PICT files", thus preventing a browser or other application from automatically opening PICT files. RCDefaultApp is a free utility from Rubicode.{moscomment}

Tags See All Tags


Apple  Macintosh  Malware  Security  Software  Stephen Withers 
Powered By Joomla Tags

Please enable JavaScript in your browser to post your comment!
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
 694,279
Subscribers 15,210
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

- Advertisement -

Featured Whitepapers

...More
1