The security hole used to breach a MacBook in a hack-a-Mac competition last week lies in Apple's QuickTime media player, the flaw finder said Tuesday. The vulnerability is related to how QuickTime handles Java, said security researcher Dino Dai Zovi. An attacker can exploit the bug through Safari or Firefox, he said. Initial reports were that the flaw was in Safari, Apple's Web browser.
"It is a vulnerability within QuickTime. Safari and Firefox on Mac OS X are vulnerable," Dai Zovi said. QuickTime is also widely used on Windows machines, so Windows users may also be at risk, he said. "At this time, Firefox on Windows is considered at risk," Dai Zovi said.
Security monitoring company Secunia deems the flaw "highly critical," one notch below its most serious rating. "This can be exploited to execute arbitrary code when a user visits a malicious Web site," Secunia said. Apple's most recent QuickTime security update was in March.