Well, as a security-aware internet user, you patch your systems, right? You even upgrade your browser from time to time? Very good! But don't forget about plugins like Flash and QuickTime. Especially Apple's QuickTime, because a vulnerability was found in it a while ago. Matasano explains what the problem is:
If you have the QuickTime for Java extensions installed (in other words, if you have QuickTime installed),
then a Java applet will be allowed to construct and play with QuickTime objects, which are backed with unprotected C code,
and specifically, some of those objects wrap pointers to memory tracked by a dynamic C library,
and unfortunately those objects are not careful enough with the values passed to them by Java code,
so Java applets can overwrite arbitrary process memory directly,
which they should never be able to do, because keeping Java applet code from touching memory directly is the whole point of the applet sandbox.
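
The bug class described in the quote, as an added illustration that is not QuickTime's or Matasano's code: a native object wraps a buffer, and the offset and length handed over by the managed (Java-side) caller must be validated before any write. The struct and function names below are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical native object backing a managed (Java-side) wrapper. */
typedef struct {
    uint8_t *base;  /* memory owned by the native library */
    size_t   size;  /* number of valid bytes at base */
} native_handle;

/* Unchecked form: trusts offset and len from the managed caller.
 * Any range outside [0, size) touches unrelated process memory,
 * which is exactly what the sandbox is supposed to prevent. */
int handle_write_unchecked(native_handle *h, int32_t offset,
                           const uint8_t *src, int32_t len)
{
    memcpy(h->base + offset, src, (size_t)len);
    return 0;
}

/* Hardened form: rejects negative values and ranges past the end.
 * The last comparison is arranged so offset + len cannot overflow. */
int handle_write_checked(native_handle *h, int32_t offset,
                         const uint8_t *src, int32_t len)
{
    if (h == NULL || h->base == NULL || src == NULL)
        return -1;
    if (offset < 0 || len < 0)
        return -1;
    if ((size_t)offset > h->size)
        return -1;
    if ((size_t)len > h->size - (size_t)offset)
        return -1;
    memcpy(h->base + offset, src, (size_t)len);
    return 0;
}
```

The point is where the check lives: the native side has to enforce the bounds itself, because the Java type system says nothing about what an integer means once it is used as a memory offset in C.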