Mailinglist Archive

"PWN to own" bug could pose a serious threat
April 25, 2007

Remember that "PWN to own" competition? Well, it turns out that the
exploit used to win a MacBook may have some serious repercussions after
all. As it turns out, the bug was not a Safari weakness but rather, a
Java-based vulnerability in QuickTime. It's currently known that both
Safari and Firefox on OS X are affected and Windows versions of Firefox
may be vulnerable too. "The method of attack is the same as what
Microsoft calls 'click and you're owned.' You get an e-mail, visit a
malicious website, and boom, you're owned. Where there's still that
one-step user interaction, it's still a serious vulnerability. Anytime
you illegally break into a machine, it's a hack," said Terri Forslof,
manager of security response at security firm TippingPoint. No exploits
have been spotted in the wild yet; expect a patch from Apple in the near
future.

http://www.dailytechrag.com/story/pwn-to-own-bug-could-pose-a-serious-threat/2007-04-25