'Critical' Apple QuickTime Bug Affects iPod Users
The flaw affects all Java-enabled browsers, including Microsoft's Internet Explorer, Mozilla's Firefox, and Apple's Safari.
A "highly critical" vulnerability has been reported in Apple QuickTime that opens up the millions of people who use iPods to attack.
The vulnerability, which is caused by an error in the way Apple QuickTime handles Java, can be exploited if a user running a Java-enabled browser visits a malicious Web site. Researchers said that includes Microsoft's Internet Explorer, along with Mozilla's Firefox and Apple's Safari browser. The bug also affects Windows Vista through Internet Explorer 7.
The bug enables a hacker to execute code remotely. Security software firms Secunia and TippingPoint called the bug "highly critical." There have been no reports yet of the bug being exploited.
A spokesperson for Apple wasn't immediately available to comment on the findings.
Earlier this month, Apple announced that it had sold its 100 millionth iPod.
"It's very critical because of the cross-platform, multibrowser nature of it," said Terri Forslof, manager of security response with security company TippingPoint, in an interview. "I would say the attack surface is infinite. You can get the same privileges as the user who is logged on. There is an obvious potential for widespread attack."
Secunia, a security company known for tracking vulnerabilities, issued an advisory noting that the bug affects any platform supporting QuickTime. Secunia researchers said the bug affects Mac OS X systems using Firefox and Safari.
Forslof said TippingPoint reported to Apple this week that the bug also affects Internet Explorer. She added that the flaw also would affect Windows Vista through IE7.
"Initially, the proof of concept code provided by the researcher, Dino Dai Zovi, only worked against the Safari and Firefox browsers," said Forslof. "We strongly believe at this point that any Java-enabled browser, which has the vulnerable QuickTime Java extension installed, is affected by this issue."
QuickTime is Apple's multimedia technology. The iPod uses the iTunes media player, which uses QuickTime. Forslof noted that if there is a way for iPod users to get around using QuickTime, it's not prevalent.
The bug was discovered by Dino Dai Zovi during the recent CanSecWest conference.