iTWire - Filename bug affects multiple Apple apps

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Filename bug affects multiple Apple apps

Filename bug affects multiple Apple apps

E-mail

by Stephen Withers
Wednesday, 31 January 2007
For its penultimate instalment, the Month of Apple Bugs points to a format string vulnerability affecting Help Viewer, iMovie, iPhoto, Safari and potentially other applications using certain functions from the AppKit framework. Featured Whitepaper 5 Best Practices for Smartphone Support According to Apple's documentation, AppKit "is a framework containing all the objects you need to implement your graphical, event-driven user interface: windows, panels, buttons, menus, scrollers, and text fields." It is therefore likely to be used by a great many applications. However, Kevin Finisterre and LMH aren't claiming that the functions are inherently flawed, just that various developers don't understand how to use them properly. When one of the listed applications attempts to open a file with a name containing formatting commands, for example %n%n%n%n%n%n%n%n%n%n%n.imovieproj, a crash occurs. A code execution exploit would be "difficult". The duo show they sill have a sense of humour by suggesting that those looking for a workaround or temporary solution should "Seek out Landon Fuller and he shall destroy all that is evil!" How Fuller and other members of the MoAB Fixes group will respond to that remains to be seen. For now, they are still busy investigating what appears to be a denial of service attack on Safari that was built into day 29's disclosure. It appears that a malformed JPEG2000 image embedded in the page causes Safari to stop responding. Apparently Firefox uses a different routine for displaying such images, as it is able to render the page without incident. The fact that today's disclosure is published on Finisterre's digitalmunition.com site rather than the project's usual home might be related to yesterday's 'attack'. Or it might just be a coincidence.{moscomment} Tags See All Tags Macintosh Malware Security Software Stephen Withers Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking