toggle

AAPL Stock: 109.41 ( + 2.67 )

Printed from http://www.macnn.com

SonicWALL blocks QuickTime zero-day exploit

updated 04:45 pm EST, Thu November 29, 2007

SonicWALL Quicktime issue

Networking security hardware manufacturer SonicWALL recently announced that it has distributed defensive measures to users of it's Unified Threat Management technology, against zero-day vulnerability exploits found in QuickTime. Malicious websites are able to create a stack-based buffer overflow in Apple's media player, by providing a phony movie file that, when activated, executes a series of code that allows a users machine to be taken over. SonicWALL says that the problem lies within the "Content-Type" header field that is sent from the server, which is not properly verified by the client's QuickTime. Once the "Content-Type" field reaches a certain length, a Buffer Overflow condition occurs, and through this, malevolent users can rewrite a user's privileges so that they have read-write access to the machine.

The company says that both Mac OS- and Windows-based users are vulnerable to the threat, since QuickTime and iTunes - which uses QuickTime's media infrastructure - are available for both platforms.

Recently, Heiss Security found a flaw in Leopard's quarantine system - a new dialogue that interrupts users when they launch a freshly downloaded file or applications to ensure they indeed would like to open it. While the flaw doesn't assuredly grant access to Mac OS X's inner workings, it does allow for arbitrary execution of commands in terminal, which can do anything from deleting a users files, to implementing a trojan.




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

Epson WorkForce DS-40 scanner

In this day and age, there's a significant amount of pressure to go paperless, and downsize the amount of things that one collects ov ...

toggle

Most Commented