Security researcher Piotr Bania has hit back at claims that he exaggerated
the severity of flaws that he discovered in
Apple's
QuickTime
media player.
As vnunet.com reported
yesterday, Bania
discovered four flaws
in QuickTime versions 6.5.2 and 7.0.1 which he rated "highly critical" as they
could be exploited by hackers to remotely execute malicious code.
He notified Apple but then waited until a patched version had been released
before
publicising
his discovery on the
Bugtraq security
mailing list.
The flaws were then confirmed and rated highly critical in an
advisory by
independent security monitoring organisation
Secunia.
But the news generated a
storm
of protest from Apple loyalists on the
vnunet.com comment boards,
claiming that the vulnerabilities were either not critical or not capable of
being exploited.
"My rating is the same [as Secunia's]," Bania told
vnunet.com after we brought
the reader comments to his attention.
"How can you rate 'potential remote code execution vulnerability' as not
highly critical? If the vendor confirmed the bug what more do people want? A
working worm?"
When asked whether he thought our advice to users of the older QuickTime so
ftware to upgrade was misguided, Bania said: "If someone would like to be a
potential hacker target, your advice was misguided. All normal users should
update the software."
Do you agree?
Have your say on this article