Re: Quicktime enables Apple Mac hack
- From: Snit <CSMA@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Apr 2007 20:36:43 -0700
"Barry's Leftnut" <testicle@xxxxxxx> stated in post
462eb1c2$0$18928$4c368faf@xxxxxxxxxxxxxx on 4/24/07 6:41 PM:
On 2007-04-24 12:57:10 -0400, Snit <CSMA@xxxxxxxxxxxxxxxxxxxxx> said:I don't... nor have I read about any real world problems caused by this.
The Apple Mac vulnerability that put $10,000 into the pocket
of a hacker during a Mac hacking contest is in Apple's
QuickTime media player, according to researchers.
"Dino's finding targets Java handling in QuickTime," said
Matasano researcher Thomas Ptacek on Matasano's blog. "Any
Java-enabled browser is a viable attack vector, if QuickTime
is installed. Apple's vulnerable code ships by default on
Mac OS X (obviously) and is extremely popular on Windows,
where this code introduces a third-party vulnerability."
I wonder how many of the folks who tried to excuse Apple by saying it was a
third party bug will now say the third party bug, introduced by Apple, is
not a sign of weakness for Windows?
So anyone know anybody who is effected by this?
I didn't think so.
? Teaching is a "real job"
? The path "~/users/username/library/widget" is not common on any OS
? The term "all widgets" does not specify a specific subgroup of widgets