$10,000 Mac Hack Affects Windows Too

Terri Forslof, manager of security response at 3Com's TippingPoint division, which rewarded $10,000 to security researcher Dino Dai Zovi after finding a flaw for Apple's Safari browser in last week's CanSecWest security conference, has disclosed that the vulnerability actually lies in the way Apple's QuickTime Media Player works with the Java programming language. QuickTime runs on both Windows and the Mac, meaning both operating systems can be attacked.

The bug "is the equivalent to a 'click and you're owned' vulnerability," said Forslof. Because the flaw has not been publicly disclosed, it is not considered to be a significant threat to QuickTime users. Dai Zovi, who lives in New York, used a URL to expose the hole. He said he has reported at least eight security vulnerabilities to Apple and has had "nothing but positive interactions" with the company.

News source: PC World

Report a problem with article
Previous Story

Kaspersky: Mac and Linux viruses to rise 'significantly'

Next Story

Interview with Hitachi GST's Shiv Shivaji

23 Comments

Commenting is disabled on this article.

from what i can tell this is an issue with quick time and java, nothing to do with the OS. it's like saying acrobat has a bug but cause i have it installed on windows its a windows issue and that makes the whole OS insecure, so Microsoft needs to fix the bug.

chaosblade said,
The article talks about how the player interacts with Java, not necessarily the files themselves.

The activex control is a quicktime player that's embedded in the browser window.

For a Mac OS X fan, I agree that QuickTime isn't good... for once, I can say that Microsoft beats them in one thing... Media Player is better.

iTunes crushes MP though, but on the music side only.

The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go a head use QuickTime to show how suck PCs are hahahahaah

superhuman said,
The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go a head use QuickTime to show how suck PCs are hahahahaah :laugh:

You idiot