Now that a beta version of LookingGlass has been released, I will do a write up once a week on a vendor and how they fare under the scrunity. First up is
Apple. The reason Apple gets the initial treatment is that Apple’s Quicktime inspired the creation of this tool. The two Apple applications I have installed are Quicktime and iTunes. Both have modules that do not support ASLR and NX. This can give an attacker a static location to make a remote overflow work, which allowed the
two previous RTSP attacks to be exploitable. I doubt you will see a change anytime soon since I doubt Apple would want to have a more secure version of their software running on Vista than they would on OSX.
Next week: Adobe
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.