Stan's List

On the same day as the launch of the Month of Apple Bugs:

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.

Landon Fuller, a programmer, Darwin developer, and former engineer in Apple’s BSD Technology Group, has launched an effort to provide runtime fixes for each MOAB issue as they are released. A fix has already been posted for the first MOAB issue.

IT Business Edge reports on the current goings-on and speculation regarding Apple’s place in the Enterprise. “BM, for one, thinks highly enough of Apple to release a Mac version of Lotus Notes. It comes chock full of Web 2.0 features, such as embedded collaboration tools, RSS functions and personalized blog templates. Meanwhile, Apple itself is looking to patent a new GUI aimed at tying Web-based objects more closely to back-end productivity systems.” More …

Apple has posted an interesting message on its Web site stating “The first 30 years were just the beginning. Welcome to 2007.” Steve Jobs previously said “”Looking forward, 2007 is likely to be one of the most exciting new product years in Apple’s history.” More …