Yesterday was the start of the Month of Apple Bugs, and I have to say it was a big snooze. The “exploit” supposedly allows a malicious QuickTime “movie” file to run arbitrary code on your Mac. Sounds scary, doesn’t it? Yep. The only problem is you have to really work at it to get the exploit to actually do anything. Supposedly, following this link will demonstrate the exploit and will speak the oh-so-classy message “Happy new year shit bag” using the Mac’s speech synthesizer. Unfortunately, I couldn’t get the exploit to work.
I tried following the link with Firefox and two versions of Safari. In all three cases I got a page with some garbled text on it, but nothing exciting. It’s always funny when someone reveals a supposed “exploit” and includes instructions for “if it doesn’t work for you, then try this.” And that’s what we have here. They have included a Ruby program to generate a file that is just like what you can download, and after running it, you should then “open pwnage.qtl”. I did this, and while QuickTime did open and crash, I didn’t hear the message. To be fair, and to ensure that I didn’t just miss hearing the message, I changed what the “exploit” should try to do. Instead of speaking the message, I changed it to open a terminal window, using “/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal”. Guess what happened. Nothing.
All of this tells me this “exploit” is nothing more than a Mac-hater trying to make people think that Macs are “just as vulnerable” as crappy Windows machines.
Let’s see if the rest of the month is as scary and exploitable as yesterday was…