QuickTime Bug Gives Hackers New Drive-by Attack

A year-old bug in QuickTime that, when paired with Firefox allows, hackers to hijack PCs and Macs now has Mozilla Corp. scrambling for a fix, the company's chief security officer said Wednesday.

According to Petko Petkov, a U.K.-based Web application penetration tester, the current version of QuickTime contains a flaw in its Media Link (.qtl file formats) function. Any file with a QuickTime-supported extension -- there are more than 60 -- will be parsed by Apple Inc.'s media player. However, because it fails to sanitize the XML content, an attack can sneak links to malicious JavaScript into the file, and get QuickTime to run it.

View: The full story
News source: PCWorld

Report a problem with article
Previous Story

Intel to deliver X38 chipsets in mid-September

Next Story

Flash memory makers propose common card

9 Comments

Commenting is disabled on this article.

Hahaha, I was wondering when this would make it here, I saw it on some exploit sites yesterday as a pretty blatant post that read "0-day."

Quick Time and Firefox! He** of a combination!! Don't and won't use either of them anyway.

Thanks for posting though. Maybe those fanboys will chill out some more now!!