Ex-Apple Engineer Launches Bug Fix Campaign

Month Of Apple Bugs (MOAB) project

Landon Fuller, a former engineer in Apple's BSD Technology Group, characterized his plan as "part brain exercise, part public service" and said he will attempt to patch future MOAB flaws as time allows.

The Month Of Apple Bugs is the brainchild of security researchers Kevin Finisterre and L.M.H., and since launching on Tuesday has posted information and exploits on vulnerabilities affecting Apple and Windows versions of QuickTime, as well as the Apple version of the open-source VLC media player.

Though Finisterre and L.M.H. said the only potential workaround for the QuickTime flaw would be to disable the RTSP URL handler, that step wouldn't necessarily work because there are other vulnerable entry points to the application, Fuller noted in a blog post.

Fuller posted fixes on his blog for both vulnerabilities and invited security researchers to send him patches and other information on future MOAB bugs for inclusion in a planned mailing list.