Apple
Apple has fixed the QuickTime vulnerability uncovered at the CanSecWest hacking conference

Apple patches QuickTime flaw

Infamous CanSecWest vulnerability fixed

Written by Shaun Nichols in California

vnunet.com, 02 May 2007

Apple has issued a security patch for its QuickTime application nearly 11 days after the disclosure of a highly-publicised vulnerability.  

The vulnerability occurs in the way QuickTime handles JavaScript code. An attacker could use a specially-crafted Java applet embedded in a web page to execute code on a machine with the permissions of the current user.

The vulnerability was discovered by independent security researcher Dino Dai Zovi, who developed a working exploit in a matter of hours.  

Dai Zovi and partner Shane Macauley used the exploit to win a MacBook Pro and $10,000 prize at the CanSecWest security conference. 

The vulnerability was originally reported to exist only in Safari. However, Dai Zovi and Tipping Point later disclosed that the vulnerability affected all Mac and PC Java-enabled browsers on systems with QuickTime installed. 

Apple has also issued an update that fixes flaws in the AirPort and FTP components for Mac OS 10.3.9 and 10.4.9.

Tags:

reader comments

related articles

Apple

Hacking contest yields QuickTime exploit

Researcher wins $10,000 bounty with JavaScript attack 25 Apr 2007

 

QuickTime vulnerability expands to IE

Researchers execute attack in Microsoft browser 25 Apr 2007

Apple issues MacBook battery fix

Update addresses laptop performance issues 30 Apr 2007

Apple patches 802.11n Airports

Security fix covers two holes in base station's software 10 Apr 2007

Apple riding high on Mac and iPod sales

Most profitable March quarter in company's history 26 Apr 2007

Security

Security world makes short work of Chrome

Google browser open to 'carpet bomb' attack 04 Sep 2008

MacBook Air hacked in two minutes

Apple falls first in laptop hacking contest 28 Mar 2008

Apple releases seven QuickTime fixes

Vulnerabilities affect OS X and Windows versions 09 Nov 2007

related whitepapers

today's top stories

The Big Picture

Learning from the credit crunch to avoid a broadband crunch

While it might be the most pressing issue de jour , the financial system isn’t the only area where government needs to... 10 Oct 2008

Management

How careerism can warp IT procurement

Many working in IT put their career interests before those of their employer when weighing up purchasing options 10 Oct 2008

Management

City in pressing need of skilled IT matchmakers

With the financial services sector plunging ever deeper into an M&A maelstrom, IT leaders are having their systems integration skills and due diligence expertise tested as never before 09 Oct 2008

Software

The definitive guide to software development

Five key trends and five best practice tips to help you improve your programming capabilities 09 Oct 2008

Management

Computing podcast - IT implications of the banking crisis, and the FSA clamps down on IT security

We discuss the effect of shotgun mergers and acquisitions on financial services IT staff, and examine the industry regulator's plan to fine directors for information security breaches 09 Oct 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job


IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Would you apply for a job that was advertised on Facebook or a similar social networking site?

Would you apply for a job that was advertised on Facebook or a similar social networking site?

The government is using Facebook to recruit IT staff - would you apply to such an ad?

Previous poll results

> More polls

Latest audio and video articles

programming codeVideo

The definitive guide to software development

Five key trends and five best practice tips to help you improve your programming capabilities 09 Oct 2008

Podcast imageAudio

Computing podcast - IT implications of the banking crisis, and the FSA clamps down on IT security

We discuss the effect of shotgun mergers and acquisitions on financial services IT staff, and examine the industry regulator's plan to fine directors for information security breaches 09 Oct 2008

> More audio and video

Latest in-depth articles

Financial Services Authority buildingAnalysis

FSA threatens executives with fines

Senior management to be held accountable for security lapses at banks 09 Oct 2008

Comment

Broadband must be a spending priority

For the economic health of the nation, the government would do better to bankroll an optical fibre rollout rather than prop up profligate banks 09 Oct 2008

> More in depth articles

Advertisement

Primary Navigation