QuickTime Exploit Details Disputed

April 27, 2007

There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?

A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.

Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.

Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .

But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.

In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Critical QuickTime Update Released

Related Stories

Recommended for you

Interactive tool lifts veil on the cost of nuclear energy

August 24, 2015

Despite the ever-changing landscape of energy economics, subject to the influence of new technologies and geopolitics, a new tool promises to root discussions about the cost of nuclear energy in hard evidence rather than ...

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.