Confirmed: QuickTime/Java flaw does affect Windows

Stephen Withers
Thursday, 26 April 2007 13:47

Your IT - Home IT

The QuickTime/Java vulnerability that earned Dino Dai Zovi a $10,000 prize in a Mac hacking contest at the CanSecWest security conference also affects Windows, Tipping Point officials have confirmed.

"We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer," said Terri Forslof, manager of security response at TippingPoint.

Originally thought to be a Safari flaw, it was later revealed that the vulnerability was seated in the interaction between Java and QuickTime, and  affected other Mac browsers such as Firefox.

"We strongly believe at this point that any Java-enabled browser that has the vulnerable QuickTime Java extension installed is affected by this issue," added Forslof.

Until Apple releases an update, computers may be protected by disabling Java support in every browser used on the system.

TippingPoint, a 3Com division, put up the $10,000 prize. The competition rules were relaxed to allow attacks via malicious web pages when nobody came up with an exploit that could take over a Mac that was merely sitting on a network.