Apple
Apple has fixed the QuickTime vulnerability uncovered at the CanSecWest hacking conference

Apple patches QuickTime flaw

Infamous CanSecWest vulnerability fixed

Shaun Nichols in California

vnunet.com, 02 May 2007

Apple has issued a security patch for its QuickTime application nearly 11 days after the disclosure of a highly-publicised vulnerability.  

The vulnerability occurs in the way QuickTime handles JavaScript code. An attacker could use a specially-crafted Java applet embedded in a web page to execute code on a machine with the permissions of the current user.

Advertisement

The vulnerability was discovered by independent security researcher Dino Dai Zovi, who developed a working exploit in a matter of hours.  

Dai Zovi and partner Shane Macauley used the exploit to win a MacBook Pro and $10,000 prize at the CanSecWest security conference. 

The vulnerability was originally reported to exist only in Safari. However, Dai Zovi and Tipping Point later disclosed that the vulnerability affected all Mac and PC Java-enabled browsers on systems with QuickTime installed. 

Apple has also issued an update that fixes flaws in the AirPort and FTP components for Mac OS 10.3.9 and 10.4.9.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Apple

Hacking contest yields QuickTime exploit

Researcher wins $10,000 bounty with JavaScript attack

Internet Explorer 7

QuickTime vulnerability expands to IE

Researchers execute attack in Microsoft browser

Apple issues MacBook battery fix

Update addresses laptop performance issues

Apple patches 802.11n Airports

Security fix covers two holes in base station's software

Related whitepapers

Related jobs

Most watched

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Summit: Salesforce.com on SaaS and information overload

How web services contribute to data headaches

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Fingers on keyboard

New Flash vulnerability discovered

Web sites could be vulnerable to Flash attacks

Chris Adams

Summit: Microsoft Office to the rescue

Chris Adams, Office Client product manager for Microsoft UK, explains...

Illegal downloader

Industry and human rights campaigners united in opposition to "three strikes" plan

Critics says government proposals to curb illegal downloading are unworkable...

Primary Navigation