Terri Forslof, manager of security response at 3Com's TippingPoint division, which awarded $10,000 to security researcher Dino Dai Zovi after he found a flaw in Apple’s Safari browser at last week's CanSecWest security conference, has disclosed that the vulnerability actually lies in the way Apple's QuickTime Media Player works with the Java programming language. QuickTime runs on both Windows and the Mac, meaning both operating systems can be attacked.

The bug "is the equivalent to a 'click and you're owned' vulnerability," said Forslof. Because the flaw has not been publicly disclosed, it is not considered to be a significant threat to QuickTime users. Dai Zovi, who lives in New York, used a URL to expose the hole. He said he has reported at least eight security vulnerabilities to Apple and has had "nothing but positive interactions" with the company.

News source: PC World



There are 25 additional comments
(7 replies) #1 Posted by Ravensworth on 24 Apr 2007 - 19:02
Whether you are a Mac OS or Windows fan, can we at least all agree that QuickTime sucks?
#1.1 Posted by +nezermundy on 24 Apr 2007 - 19:09
Quicktime on Windows sucks, but it is not too bad on Mac.
#1.2 Posted by Darkinspiration on 24 Apr 2007 - 22:28
no, quicktime sucks, hell you have to pay to do full screen viewing...

VLC despite its horrible interface (it's getting better) is way better
#1.3 Posted by +Dakkaroth on 24 Apr 2007 - 23:11
QuickTime sucks hardcore. What's worse is that I need it installed to run GoLive!.
#1.4 Posted by PsykX on 24 Apr 2007 - 23:22
For a Mac OS X fan, I agree that QuickTime isn't good... for once, I can say that Microsoft beats them in one thing... Media Player is better.

iTunes crushes MP though, but on the music side only.
#1.5 Posted by RAID 0 on 25 Apr 2007 - 02:25
Hear, hear! I loathe QT.
#1.6 Posted by superhuman on 25 Apr 2007 - 04:18
The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go ahead and use QuickTime to show how much PCs suck hahahahaah
#1.7 Posted by whocares78 on 26 Apr 2007 - 01:59
Quote - (superhuman said @ #1.6)
The only thing I know is that Quicktime is not made by Microsoft

So, Apple can go ahead and use QuickTime to show how much PCs suck hahahahaah


You idiot
#2 Posted by +GreyWolfSC on 24 Apr 2007 - 19:17
I'm glad I don't get anywhere near QuickTime or Java... lol
#3 Posted by The_Decryptor on 24 Apr 2007 - 19:28
Funny, never knew QuickTime talked to Java.

Knew it talked to JavaScript though.
(4 replies) #4 Posted by invalidbuffalo on 24 Apr 2007 - 20:12
I use Quicktime alternative. I'm wondering if it has the same vulnerability as if I were using quicktime.
#4.1 Posted by nekrosoft13 on 24 Apr 2007 - 20:19
yes, quicktime alternative uses quicktime files
#4.2 Posted by chaosblade on 24 Apr 2007 - 20:41
The article talks about how the player interacts with Java, not necessarily the files themselves.
#4.3 Posted by MaceX on 24 Apr 2007 - 22:03
Quote - (chaosblade said @ #4.2)
The article talks about how the player interacts with Java, not necessarily the files themselves.


The activex control is a quicktime player that's embedded in the browser window.
#4.4 Posted by Darkinspiration on 24 Apr 2007 - 22:29
quicktime alternative should not be affected. it's a codec not the player.
(5 replies) #5 Posted by entropyx on 24 Apr 2007 - 21:48
Quicktime sucks.

Macs and Apple software are insecure.

Windows and PC's are the best.
#5.1 Posted by Darkinspiration on 24 Apr 2007 - 22:32
Quote - (entropyx said @ #5)
Quicktime sucks.

Macs and Apple software are insecure.

Windows is the best at being insecure.


there fixed that for you...
#5.2 Posted by +Dakkaroth on 24 Apr 2007 - 23:13
Quote - (Darkinspiration said @ #5.1)
Quote - (entropyx said @ #5)
Quicktime sucks.

Macs and Apple software are insecure.

Windows is the best at being insecure.


there fixed that for you...


Of course. No one would try to hack a piece of sh-- OS.
#5.3 Posted by PsykX on 24 Apr 2007 - 23:24
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.
#5.4 Posted by Divide Overflow on 25 Apr 2007 - 06:14
Quote - (PsykX said @ #5.3)
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.


I always wonder how through personal experience someone can say that one product is more secure than another. Vista with Microsoft's new focus on security is much more secure. . because someone says so. MacOS is always secure because. . someone says so. These almost religious beliefs are at most, entertaining. Show me a complete code review of both operating systems, and then tell me which is more secure. Please leave your opinions at the door.

"We now return to the regularly scheduled religious deba-- fanboy postur-- fangirl postur-- mindless Internet forum argu--. . . oh **** it."
#5.5 Posted by whocares78 on 26 Apr 2007 - 02:03
Quote - (Divide Overflow said @ #5.4)
Quote - (PsykX said @ #5.3)
Maybe you wouldn't say that if you actually tried OS X

It's better in many ways actually, security being #1.


I always wonder how through personal experience someone can say that one product is more secure than another. Vista with Microsoft's new focus on security is much more secure. . because someone says so. MacOS is always secure because. . someone says so. These almost religious beliefs are at most, entertaining. Show me a complete code review of both operating systems, and then tell me which is more secure. Please leave your opinions at the door.

"We now return to the regularly scheduled religious deba-- fanboy postur-- fangirl postur-- mindless Internet forum argu--. . . oh **** it."


Agreed, unless you're a programmer or a hacker, please don't come in and tell me what is better or worse. We all know all OSes are insecure, and hey, if they aren't, there is going to be some app that runs on it that makes it insecure. As I said in a post on another article, the OS is only as secure as the apps that run on it. You all go write an OS and we will see how secure you make it.
#6 Posted by bibutteryboy on 24 Apr 2007 - 22:47
are you allowed to alter someone else's post?
#7 Posted by aaaaa0 on 26 Apr 2007 - 00:57
According to this: http://securitywatch.eweek.com/mac_hacked_...ous_as_ani.html

IE7 on Vista is not vulnerable.

And Windows doesn't ship with Java anymore by default anyway.
#8 Posted by whocares78 on 26 Apr 2007 - 02:07
From what I can tell this is an issue with QuickTime and Java, nothing to do with the OS. It's like saying Acrobat has a bug but 'cause I have it installed on Windows it's a Windows issue and that makes the whole OS insecure, so Microsoft needs to fix the bug.
#9 Posted by 477!14 on 26 Apr 2007 - 15:58
i enjoy quicktime FAAAAAR more than WMP... i ****in hate WMP....