QuickTime Bug Gives Hackers New Drive-by Attack

A year-old bug in QuickTime that, when paired with Firefox allows, hackers to hijack PCs and Macs now has Mozilla Corp. scrambling for a fix, the company"s chief security officer said Wednesday.

According to Petko Petkov, a U.K.-based Web application penetration tester, the current version of QuickTime contains a flaw in its Media Link (.qtl file formats) function. Any file with a QuickTime-supported extension -- there are more than 60 -- will be parsed by Apple Inc."s media player. However, because it fails to sanitize the XML content, an attack can sneak links to malicious JavaScript into the file, and get QuickTime to run it.

View: The full story
News source: PCWorld

Report a problem with article
Next Article

Flash memory makers propose common card

Previous Article

Intel to deliver X38 chipsets in mid-September