|
|
|
Top Stories
|
QuickTime, not Safari, to blame for MacBook vuln25 Apr 2007 02:37 pwn-2-own update
Hmmmmm....By Anonymous Coward
Posted Wednesday 25th April 2007 09:04 GMT
The more we know, the less we know. We now know it wasn't a Safari flaw. So... was it *actually* a Quicktime flaw or (possibly more likely) a Java flaw.... I think. . .By Clay Garland
Posted Wednesday 25th April 2007 12:10 GMT
I think it's more likely that the flaw is a combination of the two programs, probably Java generating some data, or doing something that it isn't supposed to do, since web java is supposed to play in a sandbox, and then quicktime, when presented with data that is totally unexpected, after all, you can't test for every possible case, and hence overflowing with some executable code causing a remote shell to pop up. Here we go again. o_OBy Anonymous Coward
Posted Wednesday 25th April 2007 12:39 GMT
Fanbois, start your engines! No excusesBy WT
Posted Wednesday 2nd May 2007 04:15 GMT
Not checking bounds is always bad. It's one of those things almost everybody does (in particular thanks to the C/C++ languages which leave this task explicitly to the programmers) but it is a very bad practise nevetheless. Considering the speed of modern hardware, there is no reason to omit bounds checking. It is about time that programmers are getting their butts kicked to always do bounds checking, no exceptions ever allowed. Better still, compilers should be upgraded to apply bounds checking by default. Until that time comes, we will have to put up with software ridden with security holes and bugs like a Swiss cheese. The period for commenting on this story has finished |
Breaking Hardware News
Intel has been ordered to hand over secret employee interviews from an internal investigation looking into documents and e-mails that went missing during its antitrust trial with AMD.
Newsletter |
|
![[Mobile]](/Design/graphics/icons/mobile.png "The Register Mobile"){kind=icon}
