First Month of Apple Bugs Vulnerability Published
An anonymous computer security researcher known by the online name LMH, who promised to organize the so-called “Month of Apple Bugs”, has published information about the first vulnerability – this time in Apple QuickTime software.
A vulnerability in the rstp: // link handler allows a hacker to trigger a buffer overflow error using a special string and remotely run arbitrary code. LMH provided an example of a code that exploits the vulnerability found.
LMH notes that at the moment the only possible remedies for the vulnerability found are to disable the processing of links like rstp: // or to completely uninstall Apple QuickTime software.
More information about the vulnerability found and a sample of the code that uses it can be found on this page.