QuickTime Exploit Details Disputed

Apr 27, 2007

There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?

A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.

Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.

Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .

But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.

In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Google releases work tools designed for Android phones

add to favorites email to friend print save as pdf

Related Stories

Recommended for you

Google hits back at rivals with futuristic HQ plan

15 hours ago

Google unveiled plans Friday for a new campus headquarters integrating wildlife and sweeping waterways, aiming to make a big statement in Silicon Valley—which is already seeing ambitious projects from Apple ...

Barclays to allow payments by using Twitter handles

19 hours ago

The next chapter in banks moving into the digital age is a stretch beyond reminding customers over phone lines that they can also bank online. Barclays has launched Twitter payments through Pingit.

Pebble smartwatch nears Kickstarter record

21 hours ago

The latest version of the Pebble smartwatch neared a record funding amount on Kickstarter on Friday amid growing interest in wearable tech and ahead of the highly anticipated Apple Watch launch.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.