All browsers hit by QuickTime vulnerability

— 11:09 AM on April 26, 2007

The winner of a recent hacking contest has uncovered a security flaw that affects all Java-enabled browsers on all platforms, according to a report by eWeek's Security Watch. The flaw was initially unveiled during the Pwn-2-Own (sic) conference, which promised a $10,000 bounty to hackers who could break into and/or gain administrative privileges on an Apple MacBook Pro notebook. The winner used an exploit involving QuickTime and Apple's Safari browser, but according to Security Watch, the exploit also affects other browsers and operating systems with QuickTime installed.

TippingPoint Security Response Manager Terri Forslof told Security Watch, "This is probably one of the biggest vulnerabilities we've seen. It affects every platform, every browser. It's widespread, and nobody's immune to this thing." Forslof even compares the flaw's severity to that of the recent animated cursor flaw that allowed remote code execution in various versions of Windows. There are reportedly no exploits using the QuickTime vulnerability yet, but security researchers are nonetheless urging all users of QuickTime (including iTunes users) to turn off Java (not JavaScript) in their browser.
