New details are emerging about Dino’s MacBook finding (don’t you just love vulnerability markets?). Dino’s finding targets Java handling in QuickTime.
- Any Java-enabled browser is a viable attack vector, if QuickTime is installed.
- Apple’s vulnerable code ships by default on Mac OS X (obviously) and is extremely popular on Windows, where this code introduces a third-party vulnerability. (Irony!)
- Firefox and Safari are confirmed vectors on MacIntel. Users of both browsers are placed at risk by this vulnerability in Apple’s code.
- Firefox is a presumed vector on Win32, if Apple’s QuickTime code is installed. Users of Firefox on Windows are presumed to be at risk because of this vulnerability in Apple’s code.
- Disabling Java stops the vulnerability.