$10,000 Mac Hack Affects Windows Too

Slimy   on 24 April 2007 - 18:59 · 25 comments & 6968 views

Terri Forslof, manager of security response at 3Com's TippingPoint division, which awarded $10,000 to security researcher Dino Dai Zovi after he found a flaw in Apple's Safari browser at last week's CanSecWest security conference, has disclosed that the vulnerability actually lies in the way Apple's QuickTime Media Player works with the Java programming language. QuickTime runs on both Windows and the Mac, meaning both operating systems can be attacked.

The bug "is the equivalent to a 'click and you're owned' vulnerability," said Forslof. Because the flaw has not been publicly disclosed, it is not considered to be a significant threat to QuickTime users. Dai Zovi, who lives in New York, used a URL to expose the hole. He said he has reported at least eight security vulnerabilities to Apple and has had "nothing but positive interactions" with the company.

News source: PC World

Comments
(7 replies) #1 Ravensworth on 24 Apr 2007 - 19:02
Whether you are a Mac OS or Windows fan, can we at least all agree that QuickTime sucks?
#1.1 +nezermundy on 24 Apr 2007 - 19:09
Quicktime on Windows sucks, but it is not too bad on Mac.
#1.2 Darkinspiration on 24 Apr 2007 - 22:28
No, QuickTime sucks, hell, you have to pay to do full screen viewing...

VLC, despite its horrible interface (it's getting better), is way better
#1.3 +Dakkaroth on 24 Apr 2007 - 23:11
QuickTime sucks hardcore. What's worse is that I need it installed to run GoLive!.
#1.4 PsykX on 24 Apr 2007 - 23:22
For a Mac OS X fan, I agree that QuickTime isn't good... for once, I can say that Microsoft beats them in one thing... Media Player is better.

iTunes crushes MP though, but on the music side only.
#1.5 RAID 0 on 25 Apr 2007 - 02:25
Hear, hear! I loathe QT.
#1.6 superhuman on 25 Apr 2007 - 04:18
The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go ahead and use QuickTime to show how much PCs suck hahahahaah
#1.7 whocares78 on 26 Apr 2007 - 01:59
Quote - (superhuman said @ #1.6)
The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go ahead and use QuickTime to show how much PCs suck hahahahaah


You idiot
#2 GreyWolfSC on 24 Apr 2007 - 19:17
I'm glad I don't get anywhere near QuickTime or Java... lol
#3 The_Decryptor on 24 Apr 2007 - 19:28
Funny, never knew QuickTime talked to Java.

Knew it talked to JavaScript though.
(4 replies) #4 invalidbuffalo on 24 Apr 2007 - 20:12
I use Quicktime alternative. I'm wondering if it has the same vulnerability as if I were using quicktime.
#4.1 nekrosoft13 on 24 Apr 2007 - 20:19
yes, quicktime alternative uses quicktime files
#4.2 +chaosblade on 24 Apr 2007 - 20:41
The article talks about how the player interacts with Java, not necessarily the files themselves.
#4.3 MaceX on 24 Apr 2007 - 22:03
Quote - (chaosblade said @ #4.2)
The article talks about how the player interacts with Java, not necessarily the files themselves.


The activex control is a quicktime player that's embedded in the browser window.
#4.4 Darkinspiration on 24 Apr 2007 - 22:29
quicktime alternative should not be affected. it's a codec not the player.
(5 replies) #5 entropyx on 24 Apr 2007 - 21:48
Quicktime sucks.

Macs and Apple software are insecure.

Windows and PCs are the best.
#5.1 Darkinspiration on 24 Apr 2007 - 22:32
Quote - (entropyx said @ #5)
Quicktime sucks.

Macs and Apple software are insecure.

Windows is the best at being insecure.


there fixed that for you...
#5.2 +Dakkaroth on 24 Apr 2007 - 23:13
Quote - (Darkinspiration said @ #5.1)
Quote - (entropyx said @ #5)
Quicktime sucks.

Macs and Apple software are insecure.

Windows is the best at being insecure.


there fixed that for you...


Of course. No one would try to hack a piece of sh-- OS.
#5.3 PsykX on 24 Apr 2007 - 23:24
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.
#5.4 Divide Overflow on 25 Apr 2007 - 06:14
Quote - (PsykX said @ #5.3)
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.


I always wonder how through personal experience someone can say that one product is more secure than another. Vista with Microsoft's new focus on security is much more secure... because someone says so. MacOS is always secure because... someone says so. These almost religious beliefs are at most, entertaining. Show me a complete code review of both operating systems, and then tell me which is more secure. Please leave your opinions at the door.

"We now return to the regularly scheduled religious deba-- fanboy postur-- fangirl postur-- mindless Internet forum argu--... oh **** it."
#5.5 whocares78 on 26 Apr 2007 - 02:03
Quote - (Divide Overflow said @ #5.4)
Quote - (PsykX said @ #5.3)
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.


I always wonder how through personal experience someone can say that one product is more secure than another. Vista with Microsoft's new focus on security is much more secure... because someone says so. MacOS is always secure because... someone says so. These almost religious beliefs are at most, entertaining. Show me a complete code review of both operating systems, and then tell me which is more secure. Please leave your opinions at the door.

"We now return to the regularly scheduled religious deba-- fanboy postur-- fangirl postur-- mindless Internet forum argu--... oh **** it."


Agreed, unless you're a programmer or a hacker, please don't come in and tell me what is better or worse. We all know all OSes are insecure, and hey, if they aren't, there is going to be some app that runs on it that makes it insecure. As I said in a post on another article, the OS is only as secure as the apps that run on it. You all go write an OS and we will see how secure you make it
#6 bibutteryboy on 24 Apr 2007 - 22:47
are you allowed to alter someone else's post?
#7 aaaaa0 on 26 Apr 2007 - 00:57
According to this: http://securitywatch.eweek.com/mac_hacked_...ous_as_ani.html

IE7 on Vista is not vulnerable.

And Windows doesn't ship with Java anymore by default anyway.
#8 whocares78 on 26 Apr 2007 - 02:07
From what I can tell this is an issue with QuickTime and Java, nothing to do with the OS. It's like saying Acrobat has a bug, but 'cause I have it installed on Windows it's a Windows issue and that makes the whole OS insecure, so Microsoft needs to fix the bug.
#9 477!14 on 26 Apr 2007 - 15:58
i enjoy quicktime FAAAAAR more than WMP... i ****in hate WMP....
