In association with heise online

20 December 2006, 14:10

QuickTime offers hackers a peep show [Update]


A vulnerability in Apple's QuickTime media player for Mac OS X can be exploited to let Java applets read parts of the screen content. Attackers might be able to use manipulated web content to gain access to sensitive user information. The vendor describes the problem on its support website and has already provided a patch for Mac OS X 10.4.8 on Intel and PowerPC via its automatic update system.

The hole in the media player's Java components is only a problem when running with the Mac OS X Quartz composite manager. QuickTime installations on other operating systems are therefore not affected. However, users of Mac OS X are advised to install the update without unnecessary delay.

Update:
MacNews.de has reported a demo exploit that shows the effects of the vulnerability. On one of the publisher's web sites, the Java applet activated the iSight camera (as indicated by the green light) and sent the camera image, read out through the security hole, back to the web server.

(ehe)

Permalink: http://h-online.com/-732012