“The third instalment of the Month of Apple Bugs is less impressive than the first two, since it is apparently just a new way of exploiting a known vulnerability in QuickTime (as previously used by the MySpace XSS QuickTime worm),” Stephen Withers reports for iTWire.
Withers reports, “The disclosure page does not indicate whether the Mac OS X version of QuickTime is affected as well as the one for Windows, and the proof of concept appears to rely on other Windows vulnerabilities. Furthermore, the exploit is described as a ‘cross-zone scripting attack,’ which is a Windows concept.”
Full article here.
LMH’s MoAB #3 page here.
MacDailyNews Take: Month of Apple Bugs: In like a paraplegic kitten, out like a…
Related articles:
MoAB #2: VLC Media Player udp:// Format String Vulnerability – January 03, 2007
MoAB #1: Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability – January 02, 2007