Tuesday, January 02, 2007

Month of Apple Bugs Project Fails on Day 2

So this hacker guy and his sidekick have announced that they're going to find an Apple bug a day for every day in January 2007, making it the Month of Apple Bugs, or MOAB. That's cool. Finding bugs or exploits in Apple software, or any other software, can be a constructive way to call attention to a software company's laziness in attending to security issues.

When such an effort is directed at Apple products, people take special note, because of the praise Apple's OS X has drawn for its security in comparison with Microsoft's Windows. If somebody can post 31 Mac vulnerabilities in 31 days, it would lend great credence to the argument that the only reason there are few Mac viruses/trojan horses/malware is that the platform affords less bang for the buck to a fame-seeking hacker. The argument has a certain appeal and probably some truth to it.

But what if the effort came up short? What if, on only the second day, the exploit hyped as an "Apple bug" was merely a bug in a multi-platform, open-source project?

"This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version)."

What would that tell you about the MOAB project's validity?

MAJOR UPDATE: The Unofficial Macintosh Weblog has a similar take on these shenanigans.

1 comment:

Anonymous said...

I agree. It's pretty ridiculous to post an open-source software flaw that affects Mac AND Windows and still call yourself an Apple-bug-hunting project.