Gartner Warns About CanSecWest Mac Exploit

Gartner has released a security advisory now that certain details of Dai Zovi’s exploit have been made public. At risk are computers with Java-enabled browsers that also have Apple QuickTime plug-ins, so this is not Mac-specific. Gartner says, “The sheer breadth of systems and browsers that potentially could be affected means that this could be a serious browser vulnerability. No single safeguard can guarantee complete protection.”

It’s not a browser vulnerability, it’s an Apple QuickTime vulnerability: no QuickTime plugin installed, no problem with remote users getting local current-user control via Java. Solution: ditch QuickTime plugins and codecs til Apple gets their act together. And don’t forget this next time you see one of their ads touting how much safer they are.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: