DealsOnTheWeb Daily Deal: 8GB iPod Touch: $229 Delivered
Additional Details Emerge About Mac Hack
by , 3:10 PM EDT, April 25th, 2007
Additional details have been posted about the Macintosh compromise discovered last week at the CanSecWest 2007 Conference. The exploit involves a Java-enabled Browser plus QuickTime and was documented at the Secunia Website on Tuesday.
Without disclosing the "how," Mr. Dino Dai Zovi who was the developer of a prize winning exploit of Mac OS X -- when connected to an external URL via Safari -- posted formal information about the exploit.
"The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox," the advisory said.
The severity was rated as "Highly Critical." The advisory noted that other Browsers and platforms may also be affected.
Observer Comments
Wed Apr 25, 2007 7:07 pm Subject: Highly Critical?
QuoteGuest wrote:
My understanding of the exploit is that it gives a remote user logged-in user priviliges, not root. Why would that be highly critical?
It might allow the perpetrator to do damage--overwriting files, for example. It's yet another reason that a lot of experts advise running in a "standard" user mode, rather than administrator mode.
Thu Apr 26, 2007 12:00 am Subject: Turn off Java
Recent Headlines - Updated Wednesday, May 21st, 2008
- Wed., 4:50 PM
- Editorial - Apple's Curious Failure to Act Against Psystar
- 4:35 PM
- AAPL Down Dramatically for No Obvious Reasons
- 4:15 PM
- SpamSieve 2.7 Improves Handling of Attachments, URLs, HTML
- 3:45 PM
- User Friendly Blog by Ted Landau - Apple's unsupported support articles
- 2:50 PM
- Apple's Purchase of PA Semi Under Review by DoD
- 2:15 PM
- iPodObserver - AT&T Nears Completion of Full 3G/HSPA Technology
- 1:35 PM
- C|Net: Apple's .Mac Missing a Golden Opportunity
- 12:25 PM
- Apple Posts Extended Version of "Sad Song" Get a Mac Ad
- 11:10 AM
- Report: Apple to Move Entire MacBook Line to LED by 2009
- 10:55 AM
- Man & Machine Sues Apple For "Mighty Mouse" Trademark Infringement
- 10:30 AM
- TMO's DealsOnTheWeb.com - HP Officejet Pro L7590 Flatbed All-In-One: $199.99 Delivered
- 10:10 AM
- Western Digital Targets "My Passport" Portable Drives at Mac Users
- 9:00 AM
- iPodObserver - Phishing Scheme Fakes iTunes for Bait
- 7:30 AM
- TMO Quick Tip - One-click File Name Copying
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- Other World Computing: Performance SATA Drives up to 1.0TB from $54.99 Replace, Upgrade, Add SATA to Mac Pro, PowerMac G5, iMac G5 & even PowerMac G4(with PCI SATA Card) Specials: 400GB from $99; 500GB 7200RPM from $99; 750GB & 1.0TB In Stock now!
Memory For New Intel Core2 DUO MacBooks, MacBook Pro, MacMini & iMacs" 4GB Kit $80, 3GB Kit $60, 2GB Kit $40, 1GB $20. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.For the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Nokia BH-208 Bluetooth Headset with Car Charger: $29.99 Delivered 
Cavalry 500GB 3.5" USB 2.0 External Hard Drive with One Touch Back-Up: $74.99 Delivered A/R 
D-Link 5-Port Gigabit Unmanaged Desktop Switch: $20.99 Delivered A/R 
Vox 250GB 3.5in USB 2.0 & eSATA External Hard Drive: $44.99 Delivered A/R 
Linksys Gigabit 5-Port Workgroup Switch: $31.99 Delivered 
