QuickTime Patch Procrastination Poses Firefox Problems
Said it before, say it again: Bad enough to have flawed and vulnerable software out there, but probably unavoidable as code gets more and more complex. Completely avoidable, and equally inexcusable, is letting a known vulnerability languish for any amount of time, much less a full year. Yet that's exactly what Apple's done with a QuickTime media player security hole that's been known about for at least that long.
The QuickTime media player vulnerability puts Firefox browser users at risk by way of a backdoor entry path for hackers masking their malice as QuickTime media files. Click the file while browsing via Firefox and the crooked code cuts loose, compromising your computer.
The vulnerability was one of two identified by exploit expert Petko D. Petkov in September, 2006. Apple patched one, let the other slide.
Petkov's year's worth of frustration led him to post proof-of-concept code showing just how problematic the vulnerability can be. That code, some feel, will get turned into actual exploits quickly.
Irony is that earlier this year Apple got high marks for fast-fixing a QuickTime vulnerability that, admittedly, was higher risk with a much broader potential target base.
That's not the point -- or maybe it is. The size of the target base is a consideration factor to a company that has to devote resources to patching a hole. Shouldn't be, but it is.
But to anyone running Firefox with QuickTime as its default media player, the target base is a party of one: themselves. Patch this problem, Apple!
Mozilla is making noise about the seriousness of the Firefox/QuickTime problem, which so far appears to affect only Firefox for Windows.
Mozilla's also got a tech-blog on the vulnerability here.