QuickTime the culprit in Mac hack; Windows may also be at risk


The vulnerability that put $10,000 into the pocket of a New Yorker last Friday during a Mac hacking contest is in Apple Inc.'s QuickTime media player, researchers said today.

The contest, held at the CanSecWest security conference in Vancouver last week, pitted a pair of MacBook Pro notebooks, each with all currently available security patches installed, against all comers. The battle was won by Dino Dai Zovi, who forwarded a URL containing an exploit to a friend attending the conference, Shane Macaulay. Dai Zovi took the $10,000 prize offered by TippingPoint's Zero Day Initiative, while Macaulay got a MacBook Pro.

On Friday, Sean Comeau, one of the CanSecWest organizers, said the bug was in Safari, the Apple browser bundled with Mac OS X. But Monday, researchers at Matasano Security LLC, a New York-based consultancy, said the flaw is actually in QuickTime. Dai Zovi is a former Matasano researcher.

Linked by shanmuga Thursday, 26th April 2007 2:39AM