New security vulnerability threatens Tiger
updated 03:20 pm EDT, Thu May 12, 2005
Tiger/QT exploit
A security vulnerability in Mac OS X 10.4 Tiger allows a malicious .mov file to . The exploit, which was discovered by David Remahl in Sweden, takes advantage of "compositions," which have access to powerful tools known as "patches." Combining patches that provide advanced system information with patches that load information from the Internet allows an embedded .mov file to leak system details. One temporary workaround is to disable the QuickTime plug-in and treat Quartz Composer files with suspicion. An alternative workaround is to disable QTZ support in QuickTime by removing QuartzComposer.rcomponent in the QuickTime section of the system Library.
Leaked information:

Another exploit please!
05/12, 03:50pm reply
Unlike the Dashboard vulnerability, this one seems a bit more concerning. However, I am once again confident Apple will patch this very fast. They have always been quick to respond, and I doubt this will be any different.
Every time I see one of these exploits, I think of hearing on the news about a critical Windows XP update that Microsoft released for an exploit that was found six months prior to the fix.
No OS is going to be perfect but at least Apple seems to always be on their toes with Security patches and updates.
jenmarsh
Fresh-Faced Recruit
Joined: Oct 2003
It's beginning...
05/12, 03:51pm reply
to look a lot like windows with all this security ca ca going on
van rijn
Fresh-Faced Recruit
Joined: Sep 2002
Well done..
05/12, 03:59pm reply
Another security alert that needn't have been announced in such a way that it pretty much tells unscrupulous people who were not previously aware of it, exactly how to do it!
Grrr
Grizzled Veteran
Joined: Jun 2001
agreed
05/12, 04:08pm reply
They could have been a little less clear on the details, all right.
dave a
Fresh-Faced Recruit
Joined: Jan 2002
But is it fatal
05/12, 04:37pm reply
The info is leaked, yes. That isn't good.
But, it is fairly innocuous info… it isn't like an AppleScript co-opting Mail and spamming the 'verse.
Here is hoping it is still addressed in short order.
OS X security flaw = Headlines Win Security flaws = Little Notice
T
:dragonflypro:
Senior User
Joined: Sep 2003
show and tell
05/12, 04:38pm reply
What's with show and tell. If I find a security issue I call Apple and tell them. I also log it with Apple's bug reporting. That's at the very least. I don't post anything about it in public for a good 2 weeks. Making a website to demo something, like the widget one, or this kind of report is negligent. If you tell people how to circumvent the security of a system and they do it you are responsible for it, regardless of how we define 'responsible'. In short, this kind of stuff (that almost seems orchestrated) will make the people doing it wish that I had never been born if they come face to face with me.
technohedz
Fresh-Faced Recruit
Joined: Jul 2000
isn't fatal??
05/12, 04:39pm reply
Leaked username and password might be considered fatal to some.
technohedz
Fresh-Faced Recruit
Joined: Jul 2000
Re: isn't fatal??
05/12, 04:49pm reply
Where is there any mention of a leaked password?
crevatis
Fresh-Faced Recruit
Joined: Feb 2005
RE:isn't fatal??
05/12, 04:53pm reply
Crevatis is right, no mention of passwords anywhere...
tomas316
Fresh-Faced Recruit
Joined: Jan 2002
isn't fatal??
05/12, 04:55pm reply
No mention of leaked password at all. It provides basic information about the computer and various user accounts to someone who may be interested in breaking into it. That information would make it easier (than blindly guessing) to target the machine for a break-in but it would still require more effort.
Impatient1
Fresh-Faced Recruit
Joined: Oct 2002