Re: Quicktime enables Apple Mac hack

"Barry's Leftnut" <testicle@xxxxxxx> stated in post
462eb1c2$0$18928$4c368faf@xxxxxxxxxxxxxx on 4/24/07 6:41 PM:

On 2007-04-24 12:57:10 -0400, Snit <CSMA@xxxxxxxxxxxxxxxxxxxxx> said:
The Apple Mac vulnerability that put $10,000 into the pocket
of a hacker during a Mac hacking contest is in Apple's
QuickTime media player, according to researchers.

"Dino's finding targets Java handling in QuickTime," said
Matasano researcher Thomas Ptacek on Matasano's blog. "Any
Java-enabled browser is a viable attack vector, if QuickTime
is installed. Apple's vulnerable code ships by default on
Mac OS X (obviously) and is extremely popular on Windows,
where this code introduces a third-party vulnerability."

I wonder how many of the folks who tried to excuse Apple by saying it was a
third party bug will now say the third party bug, introduced by Apple, is
not a sign of weakness for Windows?

So anyone know anybody who is effected by this?


I didn't think so.

I don't... nor have I read about any real world problems caused by this.

? Teaching is a "real job"
? The path "~/users/username/library/widget" is not common on any OS
? The term "all widgets" does not specify a specific subgroup of widgets