

New security hole found in QuickTime and Mac OS-X


April 24, 2007

A new security flaw discovered last week, which was used to breach a MacBook in a Hack-a-Mac competition, has been attributed to Apple's QuickTime media player. Internet security worker Dai Zovi said the security vulnerability is directly related to the way QuickTime handles Java scripts. Zovi added that a potential hacker can exploit the security hole through Safari or Firefox. Some early reports had indicated that the flaw was located in Safari, Apple's Internet browser.

Furthermore, Zovi said "it's a vulnerability within QuickTime. Safari and Firefox on Mac OS-X are also vulnerable. QuickTime is also widely used on Windows machines, so Windows users may also be at risk. At this time, Firefox on Windows is potentially considered at risk."

Internet security monitoring company Secunia identified the hole as "highly critical," one notch below its most serious rating. "This can be exploited to execute arbitrary code when a user visits a malicious Web site," Secunia said.

Apple's most recent QuickTime security update was last month.

Shane Macaulay, a software engineer and friend of Dai Zovi, hacked into a MacBook using the QuickTime security hole on April 20. The computer was one of two offered as a prize in the "PWN to Own - Hack-a-Mac" contest at the CanSecWest conference in Vancouver, B.C.

The successful Internet attack on the second and final day of the contest required a conference organizer to surf to a malicious website using Safari on the MacBook, a type of attack more familiar to Windows users than to Mac OS-X clients.

For its part, Apple declined to comment on the MacBook security vulnerability. However, last Friday, spokeswoman Lynn Fox provided Apple's standard security comment by saying "Apple takes security very seriously and has a great track record (!) of addressing potential vulnerabilities before they can affect users."

Further details on Apple's security hole are being kept confidential until the company successfully patches it. Meanwhile, Dai Zovi has submitted the vulnerability to TippingPoint's Zero Day Initiative bug bounty program.

TippingPoint, which sells intrusion prevention systems, had offered a $10,000 cash prize for a Mac zero-day vulnerability to make the CanSecWest contest more appealing to potential hackers.

Dai Zovi added "TippingPoint has since offered to purchase the vulnerability and I have agreed. Payment is in fact pending."

Zovi also commented that "disabling Java in a browser further shields a computer against attacks that could exploit the security hole." By default, Mac computers are vulnerable since Apple automatically ships QuickTime with its OS X operating system.

However, Windows PC users are only vulnerable if QuickTime is installed on their computers.


Source: C-Net News
