Apple fixes "Crack a Mac" 0day issue

Slashdot is powered by your submissions, so send in your scoop

Journal Lars T.'s Journal: Apple fixes "Crack a Mac" 0day issue

Journal by Lars T. on Thursday May 03, 2007 @04:13PM

On May 1st, Apple has released the QuickTime 7.1.6 Update that (among other things) fixes the security issue that was used in the "CanSec Macbook Challenge" win.

Description: An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue.

BTW: the bug is/was not limited to Safari (as was initially reported), but also works on other browsers and probably on Windows too.

This discussion has been archived. No new comments can be posted.

Apple fixes "Crack a Mac" 0day issue

Load All Comments

Search 0 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Any circuit design must contain at least one part which is obsolete, two parts which are unobtainable, and three parts which are still under development.

Journal Lars T.'s Journal: Apple fixes "Crack a Mac" 0day issue

Apple fixes "Crack a Mac" 0day issue More Login

Apple fixes "Crack a Mac" 0day issue

Slashdot Top Deals

Slashdot