Only together!

Sep 13, 2007 08:04 GMT

It has happened again. Firefox and QuickTime are once more the hottest security news subjects after a security researcher revealed a flaw that can seriously harm your computer. But this time it is different. The vulnerability doesn't really exist in either application on its own, but it can easily be exploited when both are installed on the same computer.

According to the report, both Windows and Mac systems are affected, since the applications are available for both platforms. More importantly, Petko D. Petkov claims he discovered this flaw in September 2006, along with one more vulnerability, but the two companies ignored his message and patched only one of them. A few days ago, he posted a demonstration on his page to show that the flaw really exists and can be very dangerous for all users with unpatched systems.

"I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the spotlight on the second vulnerability one more time over here, yet nobody listened. So, I decided to post a demonstration of how a Low risk issue can be turned into a very easy to perform HIGH risk attack," the researcher wrote on his own website.

According to The Register, a Mozilla representative said that they analyzed the report together with Apple employees and that they are currently working on a fix. Because QuickTime is usually distributed along with iTunes, all users who installed the multimedia player are also affected by the hole.

Now, how can we protect our computers from this dangerous exploit? According to Hackademix, the attack can be blocked by installing NoScript, a Firefox extension which "allows JavaScript and Java execution only for trusted domains of your choice," as the add-on's official page states.