summaryrefslogtreecommitdiff
path: root/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt
diff options
context:
space:
mode:
Diffstat (limited to 'published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt')
-rw-r--r--published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt16
1 files changed, 16 insertions, 0 deletions
diff --git a/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt b/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt
new file mode 100644
index 0000000..6a5058f
--- /dev/null
+++ b/published/Webmonkey/Monkey_Bites/2007/04.23.07/Wed/machack.txt
@@ -0,0 +1,16 @@
+What started off as a Mac-based hack in the [hack-a-Mac contest at the recent CanSecWest conference][3] has turned into a cross-platform vulnerability that affects not just OS X, but [reportedly Windows as well][2].
+
+The OS X vulnerability exploited by hackers is not a flaw in OS X after all. Instead Quicktime is the blame for the vulnerability and the exploit is made possible by a flaw in way Quicktime interacts with Java.
+
+Because Quicktime and Java are also found on many Windows machines, the vulnerability most likely affects Windows users as well -- though that has yet to be officially confirmed.
+
+Apple has not address the issue publicly yet beyond the usual PR-speak. An Apple rep [told CNet][4] earlier in the week that, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."
+
+Unfortunately in this case Apple hasn't addressed the issue before it can affect users. Sencunia, a security analyst firm, has [rated the flaw as highly critical][1] and suggests that users disable Java support until Apple issues a patch.
+
+While many OS X users have taken the revised information as proof that Mac OS X is more secure, in fact, just because the hackers at the conference were unable to find a true flaw in OS X within the timeframe of the contest, does not mean there aren't flaws to be found.
+
+[1]: http://secunia.com/advisories/25011/ "Apple QuickTime Java Handling Unspecified Code Execution"
+[2]: http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/ "MacBook Vuln In Quicktime, Affects Win32 Apple Code"
+[3]: http://blog.wired.com/monkeybites/2007/04/mac_hack_challe.html "Mac Hack Challenge Requires Rule Change To Find Winner"
+[4]: http://news.com.com/MacBook+hacked+in+contest+at+security+event/2100-7349_3-6178131.html "MacBook hacked in contest at security event"
generated by cgit v1.2.3-70-g09d2 (git 2.47.0) at 2025-02-23 23:55:08 +0000