Comments on: Mac hacked through QuickTime flaw

Hack-a-Mac contest winner exploited a zero-day bug in QuickTime that could also expose Windows users.

[mjm01010101]

YAQTF

Yet Another QuickTime Flaw.

I think this is like the 100th one this year now?

[aabcdefghij987654321]

Actually it's not that many flaws...

Actually it's not that many flaws for a piece of software of that complexity. Of course there have been several Quicktime flaws found since the last MS Media Player flaw. Why is that? Simple, while both applications were first developed before the security problems of overflows etc were recognized as a major security risk, MS has been under a lot more pressure to clean up their act than Apple has, consequently Apple hasn't done as much as they could have and now Quicktime is definitely in the cross-hairs of the hacker community.

It's definitely time that Apple take a long hard look at their Quicktime code and bring it up to date.

I'm not condemning Apple yet but if they let a few more of these happen it'll soon be time to start recommending that Quicktime be removed from all systems (not something I really want to see).

[bobmarksdale]

hmmm

this whole "mac was hacked" saga has been mighty interesting
but i just have some general things to say about it. First, i'd like
to reiterate that in order for people to even get to this hack...the
rules of the competition had to be RELAXED in order for people
to do anything. and then at that, the flaw turned out to be NOT
w/ OS X, NOT w/ Safari but w/ QuickTime but NOT just
quicktime but w/ how it interacts w/ Java. so if anybody is trying
to relate this to a typical IE or Windows exploit-which have to
deal with actual flaws w/ microsoft's WINDOWS OS and such,
your moronic and don't really understand anything. oh and btw..
the second hack challenge of gaining root privelges was never
achieved. and also for all those "mac is no safer than windows"
individuals, by making this a headline/news you've proved the
rarity of it and just furthur validated the point that Macs are
inherently safer than PCs for numerous factors.
so.....shazaaaaaaaaaam!

[Macsaresafer]

Turns out not to be a significant flaw.

Check this out: http://blogs.zdnet.com/security/?p=176

The hack needed help from a user at the Mac. From the above
article:

"Deploying the exploit required someone on the ground at the
conference. The exploit launched a shell so we needed someone
to connect to the shell and follow the instructions to claim
victory. Shane ran the actual attack and he also helped to test
the exploit ahead of time. "

Not exactly what I'd call a real world threat.

[Jon N.]

The Empire Strikes Back....

(Pipe in "The Imperial March" from "Star Wars: The Empire Strikes Back") It's a dark day for the republic. When the discovered flaws are within the apps themselves, and not within the operating systems, then it is a very dark day indeed for personal computing, and their end users. The flaws are now in the inter-operable apps themselves! That means that not only the operating system platforms that we use are now vulnerable, but the other apps that they use within them are now vulnerable, too. A sad day, indeed. Now, how soon will Mozilla, Sun, Apple, & Microsoft will issue patches and/or work-arounds? I think patches will be in this order, but I hope that some anarchistic, anti-establishmentarianist jerk won't exploit this hole before the patch is created and distributed. In the meantime...we wait....

[mjm01010101]

Please enter the subject!

I don't wait, I just uninstall quicktime. It's not the first or last time this bloated app has had vulnerabilities.

WHy do media players have the ability to script? There is no good reason.

[Ted Miller]

Here is the REAL test....

First get four very ordinary people. Two women and two men. Get four computers. Two Macs and two PC's. Give a Mac to one of the women and man. Give a PC to one women and a man. Have them all connected to the internet (Broadband) at the same time, letting them surf to their hearts content and letting them go anywhere from knitting to fishing and from gambling to porn. Let them continue at this for lets say twelve hours. After twelve hours check the systems for virus, adware, spyware, malware and outright hijacks. Only then we will see which system holds its mettle in the most ordinary conditions. To be fair add another man and women and give them a PC loaded with the most popular Linux operating system (Ubuntu as of this date) and have them do the same. Which operating system do you think will hold up with the test of time?