"The 36-year-old researcher used a technique known as 'dumb fuzzing' to perform a side-by-side comparison of four different software applications: Adobe Reader, Apple Preview, Microsoft PowerPoint and Oracle's OpenOffice," Greenberg reports. "He wrote a simple Python script--just five lines of code--that randomly changes one bit of a PDF or PowerPoint file, plugs the file into the target application to see if it crashes, and then changes another bit, repeatedly tweaking and testing."
"After running his fuzzer program on the applications for 3 weeks each, Miller found nearly a thousand unique ways to make the programs crash, and combed through those data to find which of those bugs allowed him to take control of the program," Greenberg reports. "The results don't look good for Apple: 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice... Even so, Miller doesn't confine his criticism to Apple. 'Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house,' he says. 'I shouldn't be able to find bugs like these, ever.'"
MacDailyNews Take: This is the annual "Much Ado About Nothing/Let's Blow This Totally Out of Proportion" festival. Microsoft apologists love it. Of course, they also think a firecracker equals an atom bomb. Expect Apple to update before any real users are affected, as usual. Still, would it kill Apple to hire a fuzzer right out of college to find these things first, get them corrected, and make Mr. Miller's "job" more difficult?
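The bit-flip loop described in the first quoted paragraph, as an added example (not Miller's script, which the page does not reproduce): each test case flips one bit of a seed file, and crashes are bucketed by exception type to count unique ones. `toy_parse`, `SEED_FILE` and the "TP" format are constructed stand-ins so the loop runs offline against in-process code, the way a vendor would fuzz its own parser before release.

```python
import random

def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def toy_parse(blob: bytes) -> int:
    """Constructed stand-in target: magic 'TP', length byte, scale byte, payload."""
    if blob[:2] != b"TP":
        raise ValueError("bad magic")        # clean rejection, not a crash
    length, scale = blob[2], blob[3]
    total = 0
    for i in range(length):
        total += blob[4 + i]                 # bug: length field is trusted
    return total // scale                    # bug: scale may be zero

def fuzz(target, seed_file: bytes, iterations: int, rng: random.Random) -> dict:
    """Flip one random bit per test case; keep one sample input per unique crash."""
    crashes = {}
    for _ in range(iterations):
        bit = rng.randrange(len(seed_file) * 8)
        case = flip_bit(seed_file, bit)      # always mutate the original seed
        try:
            target(case)
        except ValueError:
            continue                         # handled parse error
        except Exception as exc:             # anything unhandled counts as a crash
            crashes.setdefault(type(exc).__name__, (bit, case))
    return crashes

SEED_FILE = b"TP\x04\x01\x10\x20\x30\x40"    # constructed valid sample file

if __name__ == "__main__":
    found = fuzz(toy_parse, SEED_FILE, 2000, random.Random(0))
    for kind, (bit, case) in found.items():
        print(f"{kind}: bit {bit} -> {case.hex()}")
```

Each saved sample reproduces its crash deterministically, which is what makes triage and a regression test possible once the length and scale checks are added.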