updated 01:20 am EST, Fri November 30, 2007
QuickTime 7.2 exploit
Symantec has notified DeepSight customers that a bug in QuickTime's Real Time Streaming protocol can lead towards the execution of malicious code on any computer running QuickTime 7.2 or later, and that a working proof-of-concept set of code being circulated on the internet. Computerworld reports that the bug was originally posted on milw0rm.com, and that the exploit code had worked when tested against Windows XP and later in Vista. Mac OS X 10.4 Tiger and 10.5 Leopard are said to be vulnerable as well, but took considerably more time for researches to craft a reliable, working exploit.
Apple has not commented on the issue, or supplied a patch for the bug, but Symantec urges QuickTime users to disable Quicktime as an RTSP protocol handler, which should prevent code from being triggered. Symantec also notes that the bug relies on TCP port 554 and UDP ports 6970 - 6999, and that filtering options should be enabled on those ports.
Early Thursday, SonicWALL announced that its Unified Threat Management technology has been updated to understand and prevent the threat posed by Quicktime, while Heiss Security discovered a flaw with Leopard's quarantine system.