HardOCP News
The Month of bugs featuring Apple computers has begun and a bug has already been found. According to the website, the initiative is an effort to improve Mac OS X by uncovering security flaws in different Apple software and third-party applications.
A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, JavaScript or a QTL file as an attack vector, leading to an exploitable remote arbitrary code execution condition.
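
A defender-side check for the pattern described above, as an added example that is not part of the original post or the advisory: it scans HTML or QTL text for rtsp:// URLs whose segment after the first semicolon is at least as long as the 299-byte padding mentioned. The threshold constant, the function name and both sample documents are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the advisory text cites 299 bytes of padding after the semicolon,
# so any post-semicolon segment of 299+ decoded bytes is flagged for review.
SUSPICIOUS_TAIL_BYTES = 299

# An rtsp:// URL runs until whitespace, a quote or an angle bracket, which are
# the delimiters used in HTML attributes and QTL (QuickTime Media Link) XML.
RTSP_URL = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def suspicious_rtsp_urls(text, threshold=SUSPICIOUS_TAIL_BYTES):
    """Return [(offset, tail_len)] for rtsp:// URLs with an oversized
    segment after the first semicolon. tail_len is measured in bytes after
    percent-decoding, so %41-style encoding does not hide the length."""
    hits = []
    for match in RTSP_URL.finditer(text):
        rest = match.group(0)[len("rtsp://"):]
        _, sep, tail = rest.partition(";")
        if not sep:
            continue  # no semicolon, not the pattern described
        tail_len = len(unquote_to_bytes(tail))
        if tail_len >= threshold:
            hits.append((match.start(), tail_len))
    return hits


# Constructed samples (not captured traffic): a benign HTML link and a QTL
# file whose src carries 400 filler bytes after the semicolon.
HTML_SAMPLE = '<a href="rtsp://media.example/live.sdp;mode=play">watch</a>'
QTL_SAMPLE = (
    '<?xml version="1.0"?>\n'
    '<?quicktime type="application/x-quicktime-media-link"?>\n'
    '<embed src="rtsp://media.example/x;' + "A" * 400 + '" />\n'
)

if __name__ == "__main__":
    for name, doc in (("html", HTML_SAMPLE), ("qtl", QTL_SAMPLE)):
        print(name, suspicious_rtsp_urls(doc))
```

A static scan like this only sees URLs present literally in the content; a URL assembled at runtime by JavaScript has to be caught where the handler is invoked.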