Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs

["Larry Seltzer" <larry () larryseltzer com>]

It seems to me Apple is forever disclosing data file-induced overflow
bugs, in WebKit and various OS X components. You'd think a long, hard
fuzzing effort would find more of these, but the more successful it is,
the greater the imperative to address it as a matter of development
practices.

-----Original Message-----
From: Joel Esler [mailto:joel.esler () me com] 
Sent: Saturday, March 27, 2010 9:34 AM
To: Charles Miller
Cc: Larry Seltzer; funsec () linuxbox org
Subject: Re: [funsec] Miller, Pwn2Own's winner tells Apple, Microsoft to
find their own bugs

On Mar 27, 2010, at 9:31 AM, Charles Miller wrote:
> On Mar 27, 2010, at 7:30 AM, Joel Esler wrote:
>
> > Good point.
> >
> > On a positive note, one of the reasons they rewrote Quicktime was to
get rid of this stuff.  The new quicktime is much less susceptible
(allegedly) to the nonsense that the Quicktime < 10's were.
> >
>
> You've apparently drank too much of the Apple Kool-aid.


You could be right.  But, allegedly, is the key word. 


--
Joel Esler
http://blog.joelesler.net



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.