Two security researchers have made an early New Year's resolution, promising to release information on a security bug in Apple's software every day for a month, most likely January.
The initiative, modeled after July's Month of Browser Bugs and November's Month of Kernel Bugs, will focus on a single vendor's software. The security researchers--Kevin Finisterre of Digital Munition and the person behind the Month of Kernel Bugs, known only by his initials, L.M.H.--have discovered enough flaws in Apple's Mac OS X and other Apple software to release 31 vulnerabilities, Finisterre said in an interview with SecurityFocus.
"Last month, there were a couple of Apple disk image and wireless issues that popped up, so I half-jokingly asked when MoAB--the Month of Apple Bugs--was going to come about, and LMH said, 'Well, how about January?'" Finisterre said.
The security researcher stressed that, while they have enough vulnerabilities to hold the initiative in January, they have only started talking to Apple about the project and the month could change. A similar project, the Week of Oracle Database Bugs, proposed by Cesar Cerrudo, the founder and CEO of Argeniss Information Security, was scuttled at the last moment for unspecified reasons.
Information on some of the bugs will be given to Apple first, said Finisterre.
During the Month of Kernel Bugs, Apple supporters criticized one of the daily flaws, a vulnerability in the disk image (DMG) format, as a crash bug not an exploitable flaw. The vulnerability report was attributed to L.M.H. and Finisterre.
A nod to Security Fix.
Posted by: Robert Lemos