IE also affected by $10,000 QuickTime bug

Initially the flaw was thought to be exploitable only through Apple's Safari and Mozilla's Firefox Web browsers on both Macs and Windows PCs.

The security flaw used to breach a MacBook in a hack-a-Mac competition last week also affects Internet Explorer on Windows PCs, according to TippingPoint.

Initially, the flaw was thought to be exploitable only through Apple's Safari and Mozilla's Firefox Web browsers on both Macs and Windows PCs. Researchers at TippingPoint have now determined that the bug, which lies in Apple's QuickTime media player, also impacts Internet Explorer on Windows.

"New facts have emerged," Terri Forslof, manager of security response at TippingPoint, said in a statement Wednesday. "We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer."

Any Web browser that supports Java and has QuickTime installed is affected by this issue, according to TippingPoint. An attacker could exploit the flaw by luring a victim to a malicious Web site.

Further details on the flaw are being kept confidential until Apple patches it. TippingPoint, which sells intrusion prevention systems, had offered a $10,000 prize for a Mac zero-day vulnerability as part of the "PWN to Own" hack-a-Mac contest at the CanSecWest conference in Vancouver, B.C.

Disabling Java in a browser shields a computer against attacks that exploit the flaw, Dino Dai Zovi, who found the flaw, has said. Macs are vulnerable by default because Apple ships QuickTime with the operating system. Windows users are only vulnerable if QuickTime is installed.
About the author

    Joris Evers covers security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Tech industry's high-flying 2014
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)