Gartner Warns About CanSecWest Mac Exploit

Gartner has released a security advisory now that certain details of Dai Zovi’s exploit have been made public. At risk are computers with Java-enabled browsers that also have Apple QuickTime plug-ins, so this is not Mac-specific. Gartner says, “The sheer breadth of systems and browsers that potentially could be affected means that this could be a serious browser vulnerability. No single safeguard can guarantee complete protection.”

It’s not a browser vulnerability; it’s an Apple QuickTime vulnerability. No QuickTime plugin installed, no problem with remote users gaining local current-user control via Java. Solution: ditch QuickTime plugins and codecs until Apple gets their act together. And don’t forget this the next time you see one of their ads touting how much safer they are.


