Six days after proof-of-concept code was released for a long-unpatched bug in Apple's QuickTime media player, Firefox is updated with a fix.
Trying to fend off attacks aimed at Apple's QuickTime media player that could hurt Firefox, Mozilla pushed out a new version of its Web browser.
Last week, Mozilla confirmed that a year-old unpatched vulnerability in Apple's QuickTime media player opens up a backdoor that could allow a hacker to break into Firefox. A researcher who discovered the flaw posted proof-of-concept exploits for it on his blog.
"This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple," wrote Window Snyder, Mozilla's top security executive, in her blog Tuesday. "This issue was patched in only six (or 6.25 according to John O'Duinn) days. When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue. The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks, you guys, for helping destroy the economics of malicious exploit development."
Petko D. Petkov, a penetration tester who discovered the bug, said in a blog post that the "vulnerability can lead to a full compromise of the browser and maybe even the underlying operating system." Petkov released information about two QuickTime bugs a year ago, but noted that only one has been patched. The other remains a problem, especially for users of the open-source Firefox browser.
The researcher said in his blog, Gnucitizen, that he posted a demonstration of how the bug could be used to hack into Firefox to make a point. "The first vulnerability was fixed, but the second one was completely ignored," he wrote. "I tried to bring the spotlight on the second vulnerability one more time over here, yet nobody listened."
Apple issued at least three separate patch updates for QuickTime in the last several months.
QuickTime is Apple's multimedia technology for dealing with video, sound, animation, text, and music. The technology is widely used. The highly popular iPod uses the iTunes media player, which people run on their PCs and Macs. ITunes, in turn, uses QuickTime.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.