Also as far as does it count because it uses Ruby to get to the exploit. So if Windows services for Unix is installed and allows anyone in the world to do whatever they want on a Windows 2003 server...that wouldn't count as a Microsoft OS vulnerability? And you'll be on FR arguing how it's not a real issue because it's not an OS bug but only impacts those users/businesses that chose to install Unix services on Windows?
#1 is a flaw in Quicktime that affects Windows and Intel OS X Macs:
Requires a working Ruby interpreter. The exploit provided will create a QTL file, which can be locally opened or served remotely via web server. The exploit source code includes notes and other comments about the different options available.
Quicktime is not shipped with Windows as far as I know but it is shipped with all versions of OS X. However, on OS X it is a security vulnerability for those who have Ruby installed and running. A fix is already available.
#2 is a flaw in VLC Media Player and affects both Windows and OS X.
Apparently it crashes the app on Mac OS X. It is not shipped with nor is it a part of OS X or Windows. This is not an Apple flaw but a flaw in VLC. VLC has announced a fix.
Requires a working Perl interpreter. The exploit(s) provided will create an M3U file, which can be locally opened or served remotely via web server. The exploit source code includes notes and other comments about the different options available. Both x86 and PowerPC versions are provided.
As stated this is not a flaw in either Apple or Windows. It is a flaw in VLC. Apparently on both platforms, according to several security experts who have examined BoAB's claims, it merely crashes the application.
#3 is a Quicktime vulnerability that seems to only affect the Windows version of Quicktime.
It is related to the MySpace worm that MySpace fixed on their website.
Requires a working Ruby interpreter. If 'serve' argument is passed, it will launch both a web server (via Webrick) and a non-standard (aka quick hack) FTP server. The exploit uses Microsoft Text Driver ADODB connection which requires an anonymous FTP login to the exploit location, for an unknown reason. The FTP hack hasn't been fully tested and thus it's been removed from the public version. It will generate the files for the location of your choice.
While this is not an OS X vulnerability or flaw, it is an Apple application and needs to be fixed.
Ok, finally a reasonable answer.
So #1 is a problem that ships with the OS that is exploitable.
Now all I need to do is bookmark this for the next time I hear someone claim Mac is foolproof.
Well that's not quite as bad as actually shipping a Windows virus to Windows iPod users, then trying to blame Microsoft. ;-)