toggle

AAPL Stock: 562.29 ( -3.03 )

'Month of bugs' reveals QuickTime exploit

updated 01:10 pm EST, Tue January 2, 2007

'Month of bugs' exploit


A security analyst who elected to kick off the new year with one month of Apple bugs has published the first flaw -- which resides in Apple's QuickTime software. A new post states that a vulnerability in the QuickTime rstp URL handler could allow malicious users to remotely execute code via a stack-based buffer overflow. "By supplying a specially crafted string, an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition," the anonymous security expert wrote. The example exploit, which requires a working Ruby interpreter, creates a QTL file that users can open locally or that is served remotely via a Web server. The poster notes that while the sample exploit itself is trivial in nature, the code could easily be modified to use shell code. The author also notes that the only known workaround for Mac users is to disable the rtsp:// URL handler or uninstall QuickTime entirely.


by MacNN Staff

print
email
(11)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. fritzw1957

    Fresh-Faced Recruit

    Joined: Nov 2004

    0
    01/02, 01:19pm | report spam | Reply |

    I suspect...

    a Security Update forthcoming from Apple. While Apple hasn't always been fast at releasing some updates, they will probably address this "bug" soon enough.

  1. sixcolors

    Fresh-Faced Recruit

    Joined: Oct 2001

    0
    01/02, 01:38pm | report spam | Reply |

    Bug reporter

    I generally publish stuff like this to apple's beg reporter. That way it gets fixed. All this does is give those who would actually do something malicious the methods to do so.

    Why do I take this stance? Well it's simple. People who use exploits on the general public are idiots. They do not have the ability to find actual security flaws and exploit them. They require someone else to find them, publish them and they then follow directions.

    I'll stick to being constructive instead of being an egomaniacal a**.

  1. smittie

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    01/02, 01:52pm | report spam | Reply |

    Exploitation indeed

    The real exploitation here is LHM. LHM seeks to exploit the media in order to gain his fifteen minutes of fame. Whether LHM wants to prove that he is L33t and pwnz u or wants to get someone's attention so that they will give him a job or some other goal, it is still plain and simple exploitation of the media.

    It would be interesting to find out if any of the things that LHM will tell us about over the next 29 days are actually orginal. I suspect not.

    In the end, as sixcolors has already pointed out, mature software engineers report bugs and security issue through established bug reporting systems so that the bugs can get fixed. Children and those with ego issues do other things.

    Enjoy the spotlight LHM. I hope you find what you're really looking for.

    Smittie

  1. t6hawk

    Mac Enthusiast

    Joined: Jan 2001

    0
    01/02, 01:55pm | report spam | Reply |

    A security analyst?

    This guy shouldn't be called a security analyst. Real analysts use their names.

  1. smittie

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    01/02, 02:01pm | report spam | Reply |

    Hum?

    Someone smarter than me needs to look into this further but it appears to be that LHM's first security issue is either known by Apple or has already been fixed. The following quote is from this page on Apple's support site:

    "QuickTime Streaming Server

    CVE-ID: CVE-2006-1456

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.6

    Impact: Maliciously-crafted RTSP requests may lead to crashes or arbitrary code execution

    Description: By carefully crafting an RTSP request, an attacker may be able to trigger a buffer overflow during message logging. This may lead to the arbitrary code execution with the privileges of the QuickTime Streaming Server. This update adresses the issue by properly handling the boundary conditions. Credit to the Mu Security research team for reporting this issue."

    Is this not the same issue that LHM claims to be reporting??

  1. smittie

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    01/02, 02:02pm | report spam | Reply |

    RE: Hum?

    Sorry. The url didn't post. It is:

    http://docs.info.apple.com/article.html?artnum=303737

    Smittie

  1. smittie

    Fresh-Faced Recruit

    Joined: Jan 2007

    0
    01/02, 02:05pm | report spam | Reply |

    RE: Hum?

    I suppose the unique aspect that LHM is reporting is that the rtsp request affects not only QTSS but QuickTime client as well.

  1. mgpalma

    Fresh-Faced Recruit

    Joined: Sep 2000

    0
    01/02, 02:48pm | report spam | Reply |

    yawn

    I can't wait to see what's next.

  1. williamdrover

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    01/02, 02:54pm | report spam | Reply |

    aaaarghh

    Actually ther 'bug' is that I watched a movie of this 'analyst's' mother in Quictime and it made me smash my face through my monitor in horror, thus rendering the entire computer useless. It's way more serious than he leads you to believe!

  1. Rosyna

    Forum Regular

    Joined: Aug 2001

    0
    01/02, 03:50pm | report spam | Reply |

    Already a fix...

    There's already a fix for it available at http://www.unsanity.org/archives/mac_os_x/the_month_of_trolly_trolls_and.php

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News