QuickTime Exploit Details Disputed

April 27, 2007

There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?

A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.

Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.

Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .

But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.

In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International


print this article email this article download pdf blog this article bookmark this article     Stumble it Digg this share on Facebook retweet share on Reddit add to delicious
Rate this story - 4.5 /5 (2 votes)


April 27, 2007 all stories

Comments: 0

4.5 /5 (2 votes)
  • Stumble this up

  • Digg this

  • share this

  • hide

  • Related Stories




  • hide

  • Relevant PhysicsForums posts

  • Laser plasma emission
    created 16 hours ago
  • Achromat lens - magnifying LCD
    created Nov 25, 2009
  • Control System
    created Nov 24, 2009
  • Base Isolation Systems in Skyscrapers?
    created Nov 23, 2009
  • More from Physics Forums - General Engineering

Other News

Semantic research sets world standards

Semantic research sets world standards

Technology / Computer Sciences

created 3 hours ago | popularity 2 / 5 (1) | comments 0

(PhysOrg.com) -- European researchers have created new tools for semantic technology development which are helping to set the next generation of official standards. The tools also unblock some key bottlenecks ...


Cellphone powers back pain chip in Taiwan

Technology / Engineering

created 4 hours ago | popularity 3 / 5 (1) | comments 0

Taiwanese researchers have developed a chip to treat backpain that is powered by mobile phone, a member of the team said Friday.


Lenovo buying back mobile phone business

Technology / Business

created 3 hours ago | popularity not rated yet | comments 0

(AP) -- Personal computer maker Lenovo Group said Friday it is joining the race to develop products that link phones and PCs by buying back a mobile phone business that it sold last year.


Food banks go high-tech to feed the hungry (AP)

Food banks go high-tech to feed the hungry

Technology / Hi Tech

created 3 hours ago | popularity not rated yet | comments 0

(AP) -- Food banks across the country are undergoing a high-tech revolution, adopting sophisticated databases, bar coding, GPS tracking, automated warehouses and other technologies used in the food industry ...


Apple's iPhone set to make splash in South Korea (AP)

Apple's iPhone set to make splash in South Korea

Technology / Business

created 4 hours ago | popularity not rated yet | comments 0

(AP) -- The iPhone's arrival in South Korea is generating considerable buzz among consumers and industry watchers amid expectations it will shake up a market dominated by world-beating domestic manufacturers.




PhysOrg Account
advanced search
  • follow with twitter
  • follow on facebook
  • read with kindle
  • customize RSS
  • physorg mobile
  • newsletter