Researchers at eEye Digital Security have pinpointed two high-risk vulnerabilities in iTunes and QuickTime that could put millions of Windows and Mac users at risk of code execution attacks. eEye issued two alerts on its upcoming advisories web page to warn of heap overflows and integer overflows in the two Apple products. eEye said the vulnerabilities affect QuickTime/iTunes on Windows NT, Windows 2000, Windows XP and Windows Server 2003. Mac OS X users are also vulnerable to the code execution attacks.
I’m intrigued to know how they find out about these “flaws.” Do Apple actually allow this company access to the Quicktime source, or if not how?
The same way most Windows flaws are found. You keep beating on it with a hammer until it breaks.
Of course that puts the whole windows name in a very apt and funny spot.
Of course one day MSFT is going to develop a very resistant window. But you have to break a few first I guess.
They can often be found using various debugging tools: you can run the app in a controlled environment and analyze its execution as you input data into it.
Sometimes there are actual errors generated in an app that are generally minor enough that the OS doesn’t bother reporting them or stopping execution, so the average user may not be aware, but using tools to track these errors can give an indication of where weak points may be in the code.
And sometimes it’s a fluke; play around with the formatting of input data or otherwise operate the app in a manner that it wasn’t designed for, and see what happens. Oftentimes vulnerabilities arise because the coders don’t do enough analysis of the input data to make sure it’s valid, or assume that blocks of code will be executed in a certain manner and don’t account for abnormal circumstances.
Source code can make it easier to find problem areas, but at the same time it also makes it easier for researchers to analyze the actual impact and flow, and suggest or create patches. I’m not sure if there’s a clear answer to whether or not apps with open source available are more secure than apps with closed source, but I do believe that open source apps are patched faster, simply because the people locating errors are often able to patch or detail them as well.
Having said all that, note that I’m not a developer or security researcher, that’s just my basic understanding of the process so please take it with a grain of salt.
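The post above describes the root cause loosely (length fields in input data that are not validated, so an integer overflow turns into a heap overflow). As an added illustration that is not from the thread or from Apple's code, here is a constructed record format with the naive length check beside a hardened one; the layout, names and sample bytes are all made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record format (not QuickTime's real atom layout): a 4-byte
   big-endian payload length, a 4-byte tag, then the payload. */
#define HDR_LEN 8

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Naive check: adds the header to the untrusted length before comparing.
   A huge length wraps the 32-bit sum to a small value and passes the test,
   so a later copy of 'declared' bytes would overrun the heap allocation.
   Returns 1 if this check would accept the record. */
int naive_accepts(const uint8_t *buf, size_t buf_len) {
    if (buf_len < HDR_LEN) return 0;
    uint32_t declared = rd32(buf);
    uint32_t total = declared + HDR_LEN;   /* may wrap around to a tiny value */
    return total <= buf_len;
}

/* Hardened parser: compares the untrusted length against what actually
   remains, using no arithmetic that can overflow, then copies the payload.
   Returns 0 and sets *out/*out_len on success, -1 on a malformed record. */
int safe_parse(const uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len) {
    if (buf_len < HDR_LEN) return -1;
    uint32_t declared = rd32(buf);
    if (declared > buf_len - HDR_LEN) return -1;  /* subtraction is safe: buf_len >= HDR_LEN */
    uint8_t *payload = malloc(declared ? declared : 1);
    if (!payload) return -1;
    memcpy(payload, buf + HDR_LEN, declared);
    *out = payload;
    *out_len = declared;
    return 0;
}

/* Convenience wrapper: payload length the hardened parser accepts, or -1. */
long parsed_payload_len(const uint8_t *buf, size_t buf_len) {
    uint8_t *p = NULL; size_t n = 0;
    if (safe_parse(buf, buf_len, &p, &n) != 0) return -1;
    free(p);
    return (long)n;
}

/* Constructed samples: a well-formed record, and one whose length field is
   0xFFFFFFFC so that declared + 8 wraps to 4 in 32-bit arithmetic. */
const uint8_t GOOD[12] = {0, 0, 0, 4, 't', 'e', 's', 't', 1, 2, 3, 4};
const uint8_t BAD[12]  = {0xFF, 0xFF, 0xFF, 0xFC, 't', 'e', 's', 't', 1, 2, 3, 4};
```

The naive check accepts both records, while the hardened parser rejects the wrapped one; checking the untrusted value against the remaining space before doing any arithmetic on it is the fix.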
That sounds about right, in regards to the description of finding these vulnerabilities; there are a number of tools in the Windows SDK: you can load your exe, and it’ll list the dependent DLLs it relies on; you can run it and see the memory usage, to track any possible memory leaks, etc. etc.
All of this, unfortunately, takes time, and it’s not always the case that they’ll show up every time these tests are run, as each time one interacts with the application that slight bit differently – hence the reason they’re not always picked up by the software vendors.
I’m interested too, look at all the problems Microsoft have, and they don’t go (willingly) releasing their code.
Microsoft actually does release code to several independent security firms.