Feature Graphic
Overview of cases in Apple iPhone 4 Case Program
Feature Graphic
Speck SeeThru Satin Case for iPad
Feature Graphic
Incase Snap Case for iPhone 4
Feature Graphic
Cocoon Gramercy iPad Messenger Sling
Feature Graphic
Griffin Reveal Etch for iPhone 4

Home | About | Advertising | Search



An old QT problem resurfaces as a security hole
March 1st 2002

Related Articles
- Apple releases Final Cut Studio 3
- iMovie Update addresses minor bugs, tweaks 3GS support
- Panasonic announces two new lightweight HD camcorders
- Roxio Easy VHS to DVD converts analog tapes to digital formats
- Sorenson jumps into video hosting services Sorenson 360
- Gefen announces two GefenTV Wireless VGA Extender boxes
- Elgato Video Capture bridges analog video
- Rumors of direct YouTube export for QuickTime X
- Twixtor Express for Final Cut Express spiffs up sequences with ease
- Blockbuster service comes to Tivo. Apple, iPhone next?

According to a post on Macintouch, one Al Tucker has become privy to a security hole that depends on a combination of settings and events, including QuickTime configuration, compression and a web browser.

Macintouch quotes Tucker as saying, "Just got word of how a number of innocuous things in and of themselves can be combined into a nasty exploit under OS 9 and under X by means of the Classic environment. Basically, if you turn off Quicktime Autoplay functions in the OS 9/Classic Quicktime Settings control panel, you can secure yourself. Specifically the 'Enable CD-Rom Autoplay,' but personally I see no reason to leave either on. Why wait until they exploit the Audio CD Autoplay to then turn it off?

"Try the supplied links and see how vulnerable you are for yourself. I specifically was not, even though my autoplays were enabled, since I run X and use Stuffit Deluxe X to expand all downloaded files. So for me, expansion always stops in an open window where I see the contents of the archive and have to manually unstuff the contents to a folder as the final step. No 100% complete auto unstuffing and mounting, ever. And that's just the way I've always wanted it."

Also, according to another Macintouch posting, the CERT Coordination Center issued Advisory CA-2002-05 warning of multiple security vulnerabilities in PHP, a scripting language widely used to create dynamic web sites. Possible solutions include disabling file uploads and updating the software to Version 4.1.2.

Connect with Insanely Great Mac


blog comments powered by Disqus

IGM Specials

iMac Upgrades 1333 MHz
4GB - $108
8GB - $248
16GB - $488

Mercury Extreme SSD
60GB - $180
120GB - $320
240GB - $630

Seagate 2TB $149
Hitachi 320GB $54
Samsung 2.5" 500GB $79

Mac Pro Memory
4GB - $153
8GB - $285
16GB- $560

NewerTech iPhone/iPod Car Charger - $9.79

MacBook Pro
DDR3/1066MHz - $198











Home

About

Advertising

Search

Copyright 1995-2010 Insanely Great Mac. All rights reserved.
Privacy Statment | Terms of Service
| Editorial Policy