If, as the group said, any Java-enabled browser can be exploited if QuickTime is installed, that would also place Microsoft's Internet Explorer users in the at-risk group.
Matasano also said it assumes that Firefox is vulnerable on Windows PCs if QuickTime's plug-in is installed. Ptacek confirmed that both Safari and Mozilla Corp.'s Firefox can be exploited through the new QuickTime bug. Apple's vulnerable code ships by default on Mac OS X (obviously) and is extremely popular on Windows, where this code introduces a third-party vulnerability." "Any Java-enabled browser is a viable attack vector, if QuickTime is installed. "Dino's finding targets Java handling in QuickTime," said Matasano researcher Thomas Ptacek on the group's blog.
0 kommentar(er)
