Two researchers released a vulnerability in Apple's QuickTime for Windows and Mac OS X on Monday, kicking off the Month of Apple Bugs.
The initiative, modeled after July's Month of Browser Bugs and November's Month of Kernel Bugs, will focus on a single platform, but could include flaws in non-Apple products for Mac OS X, according to the researchers, Kevin Finisterre of Digital Munition and the person behind the Month of Kernel Bugs, known only by his initials, L.M.H. The duo claims to have discovered enough flaws in Apple's Mac OS X and other Mac OS X software to release a vulnerability for each of the 31 days in January.
Software makers will rarely be notified about the flaws beforehand, the researchers stated on the Month of Apple Bugs Web site.
"The problem with so-called 'responsible disclosure' is that, for some people, it means keeping others on hold for insane amounts of time, even when the fix should be trivial," the researchers stated. "And the reward--automated responses and euphemism-heavy advisories--doesn't pay off in the end."
Finisterre had said that Apple will be notified about some flaws a few days before release. A similar project, the Week of Oracle Database Bugs, proposed by Cesar Cerrudo, the founder and CEO of Argeniss Information Security, was scuttled at the last moment for unspecified reasons.
During the Month of Kernel Bugs, Apple supporters criticized one of the daily flaws, a vulnerability in the disk image (DMG) format, as a crash bug, not an exploitable flaw. The vulnerability report was attributed to L.M.H. and Finisterre.
Posted by: Robert Lemos