Next week: Adobe
Tuesday, March 11, 2008
The lookingGlass vendor of the week.
Now that a beta version of LookingGlass has been released, I will do a write up once a week on a vendor and how they fare under the scrunity. First up is Apple. The reason Apple gets the initial treatment is that Apple’s Quicktime inspired the creation of this tool. The two Apple applications I have installed are Quicktime and iTunes. Both have modules that do not support ASLR and NX. This can give an attacker a static location to make a remote overflow work, which allowed the two previous RTSP attacks to be exploitable. I doubt you will see a change anytime soon since I doubt Apple would want to have a more secure version of their software running on Vista than they would on OSX.