Back to the articleHmmmmm.... #
Posted Wednesday 25th April 2007 09:06 GMT
The more we know, the less we know. We now know it wasn't a Safari flaw. So... was it *actually* a Quicktime flaw or (possibly more likely) a Java flaw....
QuickTime, not Safari, to blame for MacBook vuln
I think. . . #
Posted Wednesday 25th April 2007 12:48 GMT
I think it's more likely that the flaw is a combination of the two programs, probably Java generating some data, or doing something that it isn't supposed to do, since web java is supposed to play in a sandbox, and then quicktime, when presented with data that is totally unexpected, after all, you can't test for every possible case, and hence overflowing with some executable code causing a remote shell to pop up.
No excuses #
Posted Wednesday 2nd May 2007 04:31 GMT
Not checking bounds is always bad. It's one of those things almost everybody does (in particular thanks to the C/C++ languages which leave this task explicitly to the programmers) but it is a very bad practise nevetheless.
Considering the speed of modern hardware, there is no reason to omit bounds checking. It is about time that programmers are getting their butts kicked to always do bounds checking, no exceptions ever allowed. Better still, compilers should be upgraded to apply bounds checking by default.
Until that time comes, we will have to put up with software ridden with security holes and bugs like a Swiss cheese.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Top stories
Popular Whitepapers
- Managing desktop software for fun and profit
On-demand webcast - Analyst Keynote: The Register Agile Data Center Summit
On-Demand: Audio Only - Enabling the Agile Data Center
On-Demand: Audio Only - Airport insecurity: the case of lost laptops
Research and key findings - Rack mount solutions
How to manage, consolidate, secure, expand and deploy - Automating the Acquisition Process with Enterprise Level CRM
Sales Force Automation buyer’s guide
