QuickTime Exploit Details Disputed
April 27, 2007There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?
A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.
Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.
Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .
But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.
In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
-
Critical QuickTime Update Released
May 03, 2007 |
4 / 5 (1) |
0
-
Mobile Flash can't die soon enough
Nov 22, 2011 |
1 / 5 (1) |
2
-
Researchers build time machine to visually explore space and time
Apr 21, 2011 |
4.9 / 5 (7) |
1
-
3-D digital dinosaur track download: A roadmap for saving at-risk natural history resources
Feb 11, 2011 |
5 / 5 (4) |
0
-
See what's brewing in 'hurricane alleys' live online, on iPad and iPhone via GOES satellite
Jul 13, 2010 |
5 / 5 (1) |
0
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (31) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (3) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (1) |
0
-
A way to send and receive wireless data
5 hours ago
-
Tabletop Cold Fusion Reactor
6 hours ago
-
Calling function with no input argument
Feb 10, 2012
-
Force free body diagram problem on gym equipment
Feb 10, 2012
-
Empirical data regarding shower heads and water
Feb 10, 2012
-
feed hold button on CNC lathe
Feb 09, 2012
- More from Physics Forums - General Engineering
More news stories
Walney offshore wind farm is world's biggest (for now)
(PhysOrg.com) -- The Walney wind farm on the Irish Sea--characterized by high tides, waves and windy weather--officially opened this week. The farm is treated in the press as a very big deal as the Walney ...
Technology / Energy & Green Tech
8 hours ago |
3.6 / 5 (8) |
24
|
Europeans protest controversial Internet pact
Tens of thousands of people marched in protests in more than a dozen European cities Saturday against a controversial anti-online piracy pact that critics say could curtail Internet freedom.
4 hours ago |
5 / 5 (3) |
0
GPS court ruling leaves US phone tracking unclear
A US Supreme Court decision requiring a warrant to place a GPS device on the car of a criminal suspect leaves unresolved the bigger issue of police tracking using mobile phones, legal experts say.
8 hours ago |
4 / 5 (2) |
0
Netflix settlement trims 14 pct off 4Q earnings
(AP) -- Netflix pressed the rewind button on its fourth-quarter earnings after settling allegations that the video subscription service violated a consumer-privacy law.
8 hours ago |
not rated yet |
0
Navy to begin tests on electromagnetic railgun prototype launcher
The Office of Naval Research (ONR)'s Electromagnetic (EM) Railgun program will take an important step forward in the coming weeks when the first industry railgun prototype launcher is tested at a facility ...
Feb 06, 2012 |
4.6 / 5 (14) |
85
|
Europe stakes billion-dollar bet on new rocket
A pencil-slim rocket is scheduled to lift into space from South America on Monday, carrying a billion-dollar bet that Europe can grab a juicy slice of the market to place satellites in low orbit.
Study finds that anti-diabetic medication can prevent the long-term effects of maternal obesity
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that show that short therapy with the anti-diabetic medication ...
Steroid injections prove effective in treatment of lumbar disc herniations
The use of epidural steroid injections may be a more efficient treatment option for lumbar disc herniations, according to research presented today at the American Orthopaedic Society for Sports Medicine's Specialty Day in ...
Amateur football players not always keen on returning to play after ACL injuries
Despite the known success rates of reconstructive Anterior Cruciate Ligament (ACL) surgery, the number of high school and collegiate football players returning to play may not be as high as anticipated, say researchers presenting ...
Study finds elevated levels of cell-free DNA in first trimester do not predict preeclampsia
In a study to be presented today at the Society for Maternal-Fetal Medicine's annual meeting, The Pregnancy Meeting, in Dallas, Texas, researchers will report findings that indicate that elevated levels of cell-free DNA in ...
PRP treatment aids healing of elbow injuries say researchers
As elbow injuries continue to rise, especially in pitchers, procedures to help treat and get players back in the game quickly have been difficult to come by. However, a newer treatment called platelet rich plasma (PRP) may ...
