"PWN to own" bug could pose a serious threat

Remember that "PWN to own" competition? Well, it turns out that the exploit used to win a MacBook may have some serious repercussions after all. As it turns out, the bug was not a Safari weakness but rather, a Java-based vulnerability in QuickTime. It's currently known that both Safari and Firefox on OS X are affected and Windows versions of Firefox may be vulnerable too. "The method of attack is the same as what Microsoft calls 'click and you're owned.' You get an e-mail, visit a malicious website, and boom, you're owned. Where there's still that one-step user interaction, it's still a serious vulnerability. Anytime you illegally break into a machine, it's a hack," said Terri Forslof, manager of security response at security firm TippingPoint. No exploits have been spotted in the wild yet; expect a patch from Apple in the near future.