Additional Details Emerge About Mac Hack

Additional details have been posted about the Macintosh compromise discovered last week at the CanSecWest 2007 Conference. The exploit involves a Java-enabled Browser plus QuickTime and was documented at the Secunia Website on Tuesday.

Without disclosing the "how," Mr. Dino Dai Zovi who was the developer of a prize winning exploit of Mac OS X -- when connected to an external URL via Safari -- posted formal information about the exploit.

"The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox," the advisory said.

The severity was rated as "Highly Critical." The advisory noted that other Browsers and platforms may also be affected.