Researchers have stated that the Apple Mac flaw that put $10,000 into the pocket of a hacker in a Mac hacking contest is in Apple’s QuickTime media player. The contest, held at the CanSecWest security conference in Vancouver, reportedly pitted a pair of MacBook Pro notebooks, each with all currently available security patches applied, against all comers. It was won by Dino Dai Zovi, who sent a URL containing an exploit to a friend attending the conference, Shane Macaulay. Dai Zovi took the $10,000 prize offered by TippingPoint’s Zero Day Initiative, while Macaulay got a MacBook Pro.

Recently, Sean Comeau, one of the CanSecWest organizers, was said to have maintained that the vulnerability was in Safari, the Apple browser integrated with Mac OS X. However, researchers at Matasano Security are of the view that the vulnerability in fact resides in QuickTime. Matasano researcher Thomas Ptacek said on Matasano’s blog: “Dino’s finding targets Java handling in QuickTime. Any Java-enabled browser is a viable attack vector, if QuickTime is installed. Apple’s vulnerable code ships by default on Mac OS X (obviously) and is extremely popular on Windows, where this code introduces a third-party vulnerability.”

Ptacek verified that both Safari and Mozilla’s Firefox can be compromised via the latest QuickTime vulnerability. Matasano also said it presumes that Firefox is open to attack on Windows PCs if QuickTime’s plug-in is installed. If, as the group says, any Java-enabled browser can be exploited when QuickTime is installed, users of Microsoft’s Internet Explorer are likely to be in the vulnerable group as well.