Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Third 'Apple Bug' seems familiar

by Stephen Withers

Thursday, 04 January 2007

The third instalment of the Month of Apple Bugs is less impressive than the first two, since it is apparently just a new way of exploiting a known vulnerability in QuickTime (as previously used by the MySpace XSS QuickTime worm).

Featured Whitepaper

5 Best Practices for Smartphone Support

The disclosure page does not indicate whether the Mac OS X version of QuickTime is affected as well as the one for Windows, and the proof of concept appears to rely on other Windows vulnerabilities. Furthermore, the exploit is described as a "cross-zone scripting attack," which is a Windows concept.

That shouldn't be taken as a claim that the QuickTime for Mac is 'safe' in this respect, but since the motivation for MoAB is said to be that "We like to play with OS X," we would have expected a Mac-based proof of concept.

Given that the QuickTime's ability to execute JavaScript contained within a movie's HREFTrack is an explicit feature (eg, to open a browser window with particular dimensions at a certain point in the movie), it isn't obvious how this issue could be best addressed within QuickTime.{moscomment}

Tags See All Tags

Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

	Visitors last 30 days	694,279
	Subscribers	15,210

Featured Whitepaper

Tags See All Tags

Sponsored Releases

Latest jobs

Featured Whitepapers

Today on iTWire

About iTWire

iTWire and you

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.