While Apple has put up a new banner on its website wishing visitors a happy New Year ("The first 30 years were just the beginning. Welcome to 2007."), the Month of Apple Bugs has been launched, as if to scorn that banner.
The Month of Apple Bugs aims to reveal a new bug related to Mac software every day. So far, 2 vulnerabilities have been revealed. The first is a serious QuickTime flaw that is present on both Mac and Windows computers with QuickTime installed and could potentially allow arbitrary code execution when a user visits a booby-trapped URL using the rtsp protocol. The other is a similar flaw in VLC, allowing arbitrary code execution when using the UDP protocol.
Previously, in November, the Month of Kernel Bugs revealed a new bug every day in the Linux kernel. It turned out to be quite a success, with 30 whole bugs revealed by the end.
Is this project a good idea? Absolutely. First of all, it's a blow to the smug Apple fanboys who believe that their Macs will never be compromised by a hacker. It takes away the false reputation that Macs are invulnerable to the problems that Windows is prone to.
Next, it will improve the security of OS X. No doubt Apple will fix the flaws (just as the Linux developers got busy fixing the bugs revealed by the Month of Kernel Bugs), provided that the bug is at their end and not connected to third-party software.
Many people are now getting worried that the bugs exposed by this project will be used by hackers to exploit the Macs that everyone thought were safe. However, here's what I have to say about that: the bugs were there before, and hiding them doesn't make you any safer; it simply gives you a false sense of security. Being aware of the bugs (even if the hacker is also aware of them) makes you a little bit safer. Secondly, the "vulnerability" you feel should only last a brief while. Apple will likely release patches for the bugs, and you'll be even better off than before this project was launched.
And if they don't? Then you can forget Apple as that company you always thought wrote bug-free software.