Patch/Configuration Management, Vulnerability Management

QuickTime flaw found at CanSecWest also affects Internet Explorer on Vista


Researchers at TippingPoint said today that the vulnerability exploited last week to hack into a MacBook Pro at CanSecWest also affects Microsoft's Internet Explorer browser on the Windows Vista operating system.

The flaw was first discovered as part of a "hack-a-Mac" contest at the Vancouver, B.C. conference, for which researcher Dino Dai Zovi won $10,000.

Terri Forslof, manager of security response at TippingPoint, said today that "new facts have emerged as we have had time to analyze (the flaw) further."

"Initially the proof-of-concept code provided by the researcher, Dai Zovi, only worked against the Safari and Firefox browsers. We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer," she said. "We strongly believe at this point that any Java-enabled browser that has the vulnerable QuickTime Java extension installed is affected by this issue."

The flaw was initially believed to affect only Apple’s Safari browser.

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.