April 25, 2007 2:47 PM PDT

IE also affected by $10,000 QuickTime bug

by Joris Evers
  • Font size
  • Print
  • 3 comments

The security flaw used to breach a MacBook in a hack-a-Mac competition last week also affects Internet Explorer on Windows PCs, according to TippingPoint.

Initially, the flaw was thought to be exploitable only through Apple's Safari and Mozilla's Firefox Web browsers on both Macs and Windows PCs. Researchers at TippingPoint have now determined that the bug, which lies in Apple's QuickTime media player, also impacts Internet Explorer on Windows.

"New facts have emerged," Terri Forslof, manager of security response at TippingPoint, said in a statement Wednesday. "We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer."

Any Web browser that supports Java and has QuickTime installed is affected by this issue, according to TippingPoint. An attacker could exploit the flaw by luring a victim to a malicious Web site.

Further details on the flaw are being kept confidential until Apple patches it. TippingPoint, which sells intrusion prevention systems, had offered a $10,000 prize for a Mac zero-day vulnerability as part of the "PWN to Own" hack-a-Mac contest at the CanSecWest conference in Vancouver, B.C.

Disabling Java in a browser shields a computer against attacks that exploit the flaw, Dino Dai Zovi, who found the flaw, has said. Macs are vulnerable by default because Apple ships QuickTime with the operating system. Windows users are only vulnerable if QuickTime is installed.

Topics:

Security

Tags:

Apple,

Security,

Microsoft

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Browser security features compared
Firefox: Heat and the CPU usage problem
Firefox, Adobe top buggiest-software list
The browser battles go on and on
Firefox hopes to one-up IE with fast graphics
Hands-on Chrome beta for Mac
EU resolves Microsoft IE antitrust case
Browser makers hope WebGL will remake 3D
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Yes
by krushyou April 25, 2007 3:42 PM PDT
Logic would say if its a QUICKTIME flaw it would affect everyone using QUICKTIME, right?
Reply to this comment
That is why...
by umbrae April 26, 2007 5:20 AM PDT
You disable Java by default and only run on trusted sites. Only Firefox makes this easy with the NoScript plug in.
Reply to this comment
Opera, too
by Kelson April 26, 2007 10:23 AM PDT
Opera also makes it easy to selectively enable Java on a site-by-site basis. F12 brings up the Quick Preferences menu, where you can disable Java in general. The same menu also includes an item for Edit Site Preferences. The Content tab allows you to enable/disable Java just for that site.
(3 Comments)
  • prev
  • 1
  • next
advertisement

Google's top antitrust defender: 'It's fun'

Life at Google is certainly different than government service for senior competition counsel Dana Wagner, but his past and present collide on a daily basis at the search giant.

CE industry hopes 'Avatar' is a hit

Good box office returns for the 3D film are expected to spur 3D entertainment from the theater to the living room.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET