diff options
| author | luxagraf <sng@luxagraf.net> | 2015-10-25 08:45:11 -0400 |
|---|---|---|
| committer | luxagraf <sng@luxagraf.net> | 2015-10-25 08:45:11 -0400 |
| commit | 0531523b372cc251a8391f5a12447d62f53916a9 (patch) | |
| tree | 7e9c54c11f6d0283accdf10028966ceeb8e9a2bf /published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt | |
initial commit
Diffstat (limited to 'published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt')
| -rw-r--r-- | published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt b/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt new file mode 100644 index 0000000..6a5058f --- /dev/null +++ b/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt @@ -0,0 +1,16 @@ +What started off as a Mac-based hack in the [hack-a-Mac contest at the recent CanSecWest conference][3] has turned into a cross-platform vulnerability that affects not just OS X, but [reportedly Windows as well][2]. + +The OS X vulnerability exploited by hackers is not a flaw in OS X after all. Instead Quicktime is the blame for the vulnerability and the exploit is made possible by a flaw in way Quicktime interacts with Java. + +Because Quicktime and Java are also found on many Windows machines, the vulnerability most likely affects Windows users as well -- though that has yet to be officially confirmed. + +Apple has not address the issue publicly yet beyond the usual PR-speak. An Apple rep [told CNet][4] earlier in the week that, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users." + +Unfortunately in this case Apple hasn't addressed the issue before it can affect users. Sencunia, a security analyst firm, has [rated the flaw as highly critical][1] and suggests that users disable Java support until Apple issues a patch. + +While many OS X users have taken the revised information as proof that Mac OS X is more secure, in fact, just because the hackers at the conference were unable to find a true flaw in OS X within the timeframe of the contest, does not mean there aren't flaws to be found. + +[1]: http://secunia.com/advisories/25011/ "Apple QuickTime Java Handling Unspecified Code Execution" +[2]: http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/ "MacBook Vuln In Quicktime, Affects Win32 Apple Code" +[3]: http://blog.wired.com/monkeybites/2007/04/mac_hack_challe.html "Mac Hack Challenge Requires Rule Change To Find Winner" +[4]: http://news.com.com/MacBook+hacked+in+contest+at+security+event/2100-7349_3-6178131.html "MacBook hacked in contest at security event" |