25 Apr 2007
A QuickTime vulnerability unearthed last Friday at the CanSecWest conference also affects Microsoft's Internet Explorer browser, vnunet.com has learned.
The attack was originally demonstrated on a system running Apple's Safari browser. It was found to affect Firefox on both Windows and Mac OS X systems.
However, Terri Forslof, security response manager at Tipping Point, told vnunet.com that by adjusting the target address of the exploit, the company's DV Labs was able to execute the exploit in both Internet Explorer 6 and 7.
"This is going to affect all Java-enabled browsers," said Forslof.
Tipping Point acquired the details of the vulnerability as part of a $10,000 hacking challenge.
The original vulnerability discovery and exploit development were credited to independent researcher Dino Dai Zovi.
The exploit was written for a hacking contest at the conference in which researchers were challenged to break into a fully patched MacBook Pro system.
Forslof said that the vulnerability can be mitigated by disabling Java within the browser or by deleting the QTJava.jar file.
A spokesperson for Microsoft told vnunet.com that the company has not found any specific flaws in Internet Explorer that allow for the attack. Microsoft suggests that users look to Apple for a fix.
Microsoft Scam Backfires
So Microsoft's little scam to show OS-X is vulnerable failed and its flaw found in Safari is in every other Java-enabled browser including Explorer. Just rewards for sponsoring this sham that it should come home as yet another Windows exploit. Who will notice when there are hundreds of thousands of exploits? Clearly Microsoft is going to pretend it doesn't affect them and hope all the focus remains on Apple. When you shovel shit you better be prepared to wear some yourselves, Microsoft!
Posted by: Mandy Underwood 25 Apr 2007