"So in esence the flaw existed because Quicktime is cross platform. It seems that Windows Compatible also means Hacker Compatible. We could say that the Mac is still pretty safe sans platform hoping apps. "
How on earth do you arrive at this logic? The fact that quicktime is crossplatform didn't make it insecure. Last I checked having some version of Quake on your system doesn't mean your system is all of a sudden vulnerable just because it is crossplatform. Quicktime could have only been supported on the mac and it would have STILL had the vulnerability as the reliance on Java is for browser extensiblity (hence the attack vector through Safari in the original discovery) rather than multiplatform support.
If that isn't convincing enough I have a .dmg file for you to download in safari. Don't worry, you don't need to install any of the security updates for safari that apple has released specifically because there are a wealth of known exploits on OS X systems via safari's automatic and improper parsing of .dmg files. Apparently according to your logic Safari should be perfectly safe out of the box since it is OS X specific. In fact, why don't you stop installing any of the QUARTERLY security patches that Apple releases for OS X, patches that address dozens of security vulnerabilities per patch, and instead only update quicktime and iTunes since they are cross platform. I'm sure your system will be invulnerable anyway. Dumbass.
"QuickTime (of all things), " Not entirely surprising. Quicktime has been none to have security issues in the past (just do a websearch and you will find plenty of articles from security researchers on the subject). Moreover, a great majority of security vulnerabilites on any platform are application level rather than OS level. There are dozens of pieces of malware that propogate because of a flaw in flash that will automatically download and execute code. The last version of Acrobat will arbitrariliy execute code embedded in compromised pdfs (hence the recent update). It isn't surprising quicktime also is an attack vector, especially since it integrates with the webbrowser to a degree (actually, that was specifically the reason this time, since the flaw found exploits a weakness resulting from using Java to help with this browser integration).
Reader Comments (Page 1 of 1)
josh @ May 2nd 2007 1:26PM
"So in essence the flaw existed because Quicktime is cross platform. It seems that Windows Compatible also means Hacker Compatible. We could say that the Mac is still pretty safe sans platform hopping apps."
How on earth do you arrive at this logic? The fact that QuickTime is cross-platform didn't make it insecure. Last I checked, having some version of Quake on your system doesn't mean your system is all of a sudden vulnerable just because it is cross-platform. QuickTime could have only been supported on the Mac and it would have STILL had the vulnerability, as the reliance on Java is for browser extensibility (hence the attack vector through Safari in the original discovery) rather than multiplatform support.
If that isn't convincing enough, I have a .dmg file for you to download in Safari. Don't worry, you don't need to install any of the security updates for Safari that Apple has released specifically because there are a wealth of known exploits on OS X systems via Safari's automatic and improper parsing of .dmg files. Apparently, according to your logic, Safari should be perfectly safe out of the box since it is OS X specific. In fact, why don't you stop installing any of the QUARTERLY security patches that Apple releases for OS X, patches that address dozens of security vulnerabilities per patch, and instead only update QuickTime and iTunes since they are cross-platform. I'm sure your system will be invulnerable anyway. Dumbass.
"QuickTime (of all things), "
Not entirely surprising. QuickTime has been known to have security issues in the past (just do a web search and you will find plenty of articles from security researchers on the subject). Moreover, a great majority of security vulnerabilities on any platform are application level rather than OS level. There are dozens of pieces of malware that propagate because of a flaw in Flash that will automatically download and execute code. The last version of Acrobat will arbitrarily execute code embedded in compromised PDFs (hence the recent update). It isn't surprising QuickTime also is an attack vector, especially since it integrates with the web browser to a degree (actually, that was specifically the reason this time, since the flaw found exploits a weakness resulting from using Java to help with this browser integration).