Apple patches QuickTime flaw

Apple has issued a security patch for its QuickTime application nearly 11 days after the disclosure of a highly-publicised vulnerability.

The vulnerability occurs in the way QuickTime handles JavaScript code. An attacker could use a specially-crafted Java applet embedded in a web page to execute code on a machine with the permissions of the current user.

The vulnerability was discovered by independent security researcher Dino Dai Zovi, who developed a working exploit in a matter of hours.

Dai Zovi and partner Shane Macauley used the exploit to win a MacBook Pro and $10,000 prize at the CanSecWest security conference.

The vulnerability was originally reported to exist only in Safari. However, Dai Zovi and Tipping Point later disclosed that the vulnerability affected all Mac and PC Java-enabled browsers on systems with QuickTime installed.


Report a problem with article
Next Article

DRM lobby scrambles to block HD DVD crack

Previous Article

Nvidia takes lead in desktop graphics market

Join the conversation!

Login or Sign Up to read and post a comment.

10 Comments - Add comment