Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Mac flaw may also affect Windows
Published: 2007-04-23

The attack successfully used in last week's CanSecWest competition exploits a Java-based flaw in QuickTime and affects all browsers on systems with the multimedia software installed, possibly including Windows, Dino Dai Zovi, who discovered the flaw, told SecurityFocus on Monday.

"Firefox on Windows is considered at risk at this time," said Dai Zovi, who had been cleared by TippingPoint's Zero Day Initiative to discuss certain aspects of the attack. "Safari and Firefox are considered vulnerable on Mac OS."

Security researcher Shane Macaulay used the flaw to compromise a MacBook Pro on Friday at the CanSecWest conference to successfully win one of the two MacBooks offered as a prize. Dai Zovi, who found the flaw used in the attack, will receive a $10,000 bounty offered by TippingPoint, the security division of networking giant 3Com. That figure is in line with the price paid for vulnerability information by TippingPoint in the past, which launched its vulnerability-buying program in 2005.

To be safe, users of both the Mac OS X and Windows should turn off Java, if they have Apple's QuickTime software installed, Dai Zovi said.

UPDATE: The article was updated with additional information about TippingPoint's vulnerability buying program, the Zero Day Initiative.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Mac flaw may also affect Windows 2007-04-24
Anonymous
Mac flaw may also affect Windows 2007-04-24
Juha-Matti Laurio (1 replies)
Re: Mac flaw may also affect Windows 2007-04-25
Robert Lemos (1 replies)
Re: Re: Mac flaw may also affect Windows 2007-04-27
Juha-Matti Laurio
Mac flaw may also affect Windows 2007-04-25
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus