Last Updated: Thursday, 4 January 2007, 10:02 GMT
Security project focuses on Apple
[Image: Screenshot of Month of Apple Bugs website (Info Pull). Caption: Previous projects have focused on security bugs in browsers]

Two security researchers are spending the next month publicising bugs in Apple's OS X operating system and programs that run on it.

The plan is to only publicise flaws that have never been found before.

The two hackers behind the project also propose to produce working code that can be used to exploit any loopholes they find.

The pair said they will be revealing problems that range in importance from the trivial to the critical.

Bug tracking

Describing the project on their blog, Kevin Finisterre and hacker LMH said their work was not driven by malice.

Instead, they said, highlighting problems and getting them solved would "improve" OS X and many of the programs that run on it.

"A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple," wrote the two researchers.

LMH told the BBC News website that enough bugs have already been found, including some extra ones as back-up.

[Image: Apple iPods (AP). Caption: The success of the iPod has driven interest in Apple computers]

The project started on 1 January and the first discovery was a flaw in the way Apple's QuickTime video software handles a particular protocol.

Exploiting this bug via a booby-trapped webpage would let attackers install malicious programs on a target machine.

The attack is designed to work on Intel-based Macs and can also be used to attack PCs running the Windows version of QuickTime. The flaw is found in version 7.1.3 of QuickTime.

LMH said there had been a variety of reactions to the project from Apple users.

He said: "We have had non-sense personal attacks, delusional responses, some people liked it, some Mac users giving thanks over email, others sent bugs."

Another response has come from former Apple employee Landon Fuller who has set up an unofficial project to patch the bugs found throughout January.

Writing about his project on his blog, Mr Fuller said: "If I have time (or assistance), I'll attempt to patch the other vulnerabilities, one a day, until the month is out."

In an e-mail to the BBC he said: "My run-time patches are band-aids, in that they wrap and protect the vulnerable code. Apple will actually fix the bugs."

Apple has yet to issue an official statement on the project. It is not known if it will produce official fixes or patches.

But LMH told the BBC News website that he expected Apple to respond and produce official fixes.

"They may be dysfunctional at some points but they will catch up sooner or later," he said.

Similar projects have previously been run to find bugs in web browsers and in the kernels, or cores, of several operating systems.
