QuickTime Exploit Details Disputed

Apr 27, 2007

There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?

A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.

Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.

Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .

But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.

In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Microsoft buys Office collaborator app LiveLoop

add to favorites email to friend print save as pdf

Related Stories

Recommended for you

Fitness app connects exercisers to experts

Mar 24, 2015

Can advanced networking and next-generation applications help solve some of our nation's most pressing health problems? Can mobile devices and high-speed Internet be used to improve our health and well-being? ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.