Mac Hack Affects Windows As Well
What started off as a Mac-based hack in the hack-a-Mac contest at the recent CanSecWest conference has turned into a cross-platform vulnerability that affects not just OS X, but reportedly Windows as well.
The OS X vulnerability exploited by hackers is not a flaw in OS X after all, nor is it limited to Apple’s Safari browser as was originally reported. Instead Quicktime is the blame for the vulnerability and the exploit is made possible by a flaw in way Quicktime interacts with Java.
Because Quicktime and Java are also found on many Windows machines, the vulnerability most likely affects Windows users as well — though that has yet to be officially confirmed.
Apple has not addressed the issue publicly yet beyond the usual PR-speak. An Apple rep told CNet earlier in the week that, “Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.”
Unfortunately, in this case, Apple hasn’t addressed the issue before it can affect users. Sencunia, a security analyst firm, has rated the flaw as highly critical and suggests that users disable Java support until Apple issues a patch.
While many OS X users have taken the revised information as proof that Mac OS X is more secure, in fact, just because the hackers at the conference were unable to find a true flaw in OS X within the timeframe of the contest, does not mean there aren’t flaws to be found.