Quick, what’s Apple’s biggest vulnerability? Right, QuickTime!
QuickTime just happens to run on both Windows and Mac OS X, which makes this the second cross-platform threat I have reported here in the past week. This is also the second time in a week Apple has released a security patch to block malicious Web sites from using QuickTime flaws to wreak havoc on those visitors who could be tricked to visiting.
The Register has a brief article on the vulnerabilities and also carries a piece on a dozen other recently patched holes in OS X, including a serious threat due to a problem with mDNSResponder.
Thanks a “heap,” Apple.
And, lest non-Mac users feel safe with their freeware, it turns out that Firefox add-ons, including the notorious Google toolbar, pose serious security threats. This and other plug-in vulnerabilities in Google Browser Sync and the Yahoo! toolbar (as well as the AOL and Ask.com toolbars — and even the Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker) were discovered by graduate student Christopher Soghoian.
I think until the dust settles on this one I’ll go back to using IE.