There's definitely a serious vulnerability in QuickTime with Java code, but which browsers are affected?
A highly critical bug in Apple's QuickTime was the vector used to exploit a MacBook Pro last week at the CanSecWest security conference. But researchers are disputing what platforms are affected.
Even the researchers who wrote the exploit aren't entirely clear on what they have. The one who wrote it at first thought it a flaw in the Safari Web browser, but later on others showed it was actually a flaw in the interaction between QuickTime and Java.
Since the flaw is in QuickTime and Java, potentially any Java-enabled browser on a system with QuickTime is affected. Because of this, many sources are saying that Internet Explorer 6 and 7 are affected in those configurations .
But others are saying, as is Terri Forslof, manager of security response at TippingPoint , that IE's sandbox "does handle the vulnerability appropriately." The sandbox may only refer to IE7, or perhaps also to IE6 with SP2.
In the meantime, some are recommending that users disable Java in their browsers as the easiest way to block the attack. This may be the easiest block, but it has the potential to break other applications, so do it with caution.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
Related stories:
Critical QuickTime Update Released
Apple has fixed a bad QuickTime security flaw exposed at a recent security conference.
Disruption-free videos
Standardized video coding techniques still have their snags -- digitally transmitted images are not always disruption-free. An extension of the H.264/AVC coding format allows to protect the most important data packets to ensure they arrive safely at the receiver.
Video archive project can record lectures for posterity
A new video service on University of Michigan's campus can capture presentations, classes and training workshops, post them online within 24 hours and archive them indefinitely in a high-quality universal format.
Apple Previews Mac OS X Snow Leopard to Developers
Apple today previewed Mac OS X Snow Leopard, which builds on success of OS X Leopard and is the next major version of the world’s most advanced operating system.
Inexpensive roof vent could prevent billions of dollars in wind damage
Hurricanes often lift the roofs off buildings and expose them to havoc and damaging conditions, even after the worst of the wind has passed. A local roofer, Virginia Tech faculty members from architecture and engineering, and a graduate student have devised an inexpensive vent that can reduce roof uplift on buildings during high winds, even a hurricane.
Jump into the screen with 360-degree immersive video
As you watch a video, have you ever wondered what's happening beyond the camera frame? If you could jump inside the video and look around, you would have a 360-degree view of the world in your TV screen or computer monitor.
Where do you stand? Research shows clues in rules of the wild
If you wonder where you stand in the social pecking order at work, home and in the community, a little known group of primates found only in the highlands of Ethiopia may offer some clues.
Virtual Eve: first in human computer interaction
The near-human performance of a virtual teacher called Eve created by Massey researchers has drawn the attention of scientists across the computing world.