QuickTime vulnerability found in Mac hack challenge exploitable in Internet Explorer on Windows XP

Apple Store“Anonymous sources at 3Com confirm [the] QuickTime vulnerability found in the CanSecWest “Hack a Mac” challenge] is exploitable in IE7 and IE6 on Windows XP,” Matsano Chargen reports.

Full article here.

Robert McMillan reports for Digit, “The bug that helped security researcher Dino Dai Zovi claim a US$10,000 prize at last week’s CanSecWest security conference affects Windows systems too. That’s because the flaw that Dai Zovi exploited actually lies in the way Apple’s QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com’s TippingPoint division, which put up the $10,000 prize. QuickTime runs on both Windows and the Mac.”

“Dai Dovi said he has reported at least eight security vulnerabilities to Apple and has had ‘nothing but positive interactions’ with the company,” McMillan reports.

Full article here.

19 Comments

  1. Whatever happened to the last Mac that required root access? I assume nothing. So, they failed at remote attacks and at gaining root access. The exploit that was discovered is serious and needs fixing, but I repeat the question: Does anyone really think that 2 Windoze boxes would have faired any better?

    <crickets>

  2. Well, some people here sure sound like MS apologists. The thing is, you shouldn’t have to turn off Java in Safari to remain invulnerable. We should expect better. I’m sure Steve Jobs wouldn’t want a computer that once he gets it, has to turn things off to make it run correctly.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.