Gartner Warns About CanSecWest Mac Exploit

Gartner has released a security advisory now that certain details of Dai Zovi’s exploit have been made public. At risk are computers with Java-enabled browsers that also have Apple QuickTime plug-ins, so this is not Mac-specific. Gartner says, “The sheer breadth of systems and browsers that potentially could be affected means that this could be a serious browser vulnerability. No single safeguard can guarantee complete protection.”

It’s not a browser vulnerability, it’s an Apple QuickTime vulnerability: no QuickTime plugin installed, no problem with remote users getting local current-user control via Java. Solution: ditch QuickTime plugins and codecs til Apple gets their act together. And don’t forget this next time you see one of their ads touting how much safer they are.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: