WabiSabiLabi answered my question on their blog in no uncertain terms.
The exploit for sale on their site is not the same as the RTSP exploit currently being exploited in the wild.
The auction states the flaw affects 7.2 which is an older version but I wouldn't be surprised if with some tweaking you would find similar vulnerable code in 7.3. With that being said I think Apple should buy it. Think about it, they have one QuickTime vuln in the wild and another for sale. It would just take one more to make a perfect storm! Plus its only a thousand euro. Although with the current exchange rate that's like 9,213,456 dollars, but hey, Apple can afford it. To me that would mean that a company is taking the security of its clients more seriously than its image.
Mozilla kinda does it with their bug bounty program and I am pretty impressed with their response time to flaws.
Showing posts with label WabiSabiLabi. Show all posts
Showing posts with label WabiSabiLabi. Show all posts
Wednesday, November 28, 2007
Subscribe to:
Posts (Atom)