Additional Details Emerge About Mac Hack

| News

Additional details have been posted about the Macintosh compromise discovered last week at the CanSecWest 2007 Conference. The exploit involves a Java-enabled Browser plus QuickTime and was documented at the Secunia Website on Tuesday.

Without disclosing the "how," Mr. Dino Dai Zovi who was the developer of a prize winning exploit of Mac OS X -- when connected to an external URL via Safari -- posted formal information about the exploit.

"The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox," the advisory said.

The severity was rated as "Highly Critical." The advisory noted that other Browsers and platforms may also be affected.

No Comments

Log-in to comment