QuickTime 7.1.6 Fixes CanSecWest Exploit

Wednesday, 2007-05-02; 15:12:00

So Apple has released an official fix for the exploit found by Dino Dai Zovi at CanSecWest 2007. Apple has officially credited Dai Zovi with the discovery of the bug in their release notes for the security content of this update. And as such, Thomas Ptacek has posted exploit code for the bug at Matasano Chargen. (I don't see any proof-of-concept demonstration, but at this point it doesn't really matter.)

So the vaporware slider for this bug has slid all the way to the "proven and corrected exploit" side. Kudos to Dai Zovi for finding the bug and working with Apple, and kudos to Apple for fixing it in a very short period of time.

I'm still wondering, though, what Gruber's reasons were for treating this exploit differently at the start, regardless of the final outcome.

