toggle

AAPL Stock: 431.77 ( -0.23 )

http://www.macnn.com/articles/07/11/30/quicktime.72.exploit/

QuickTime exploit circulates on Web

updated 01:20 am EST, Fri November 30, 2007

 

QuickTime 7.2 exploit


Symantec has notified DeepSight customers that a bug in QuickTime's Real Time Streaming protocol can lead towards the execution of malicious code on any computer running QuickTime 7.2 or later, and that a working proof-of-concept set of code being circulated on the internet. Computerworld reports that the bug was originally posted on milw0rm.com, and that the exploit code had worked when tested against Windows XP and later in Vista. Mac OS X 10.4 Tiger and 10.5 Leopard are said to be vulnerable as well, but took considerably more time for researches to craft a reliable, working exploit.

Apple has not commented on the issue, or supplied a patch for the bug, but Symantec urges QuickTime users to disable Quicktime as an RTSP protocol handler, which should prevent code from being triggered. Symantec also notes that the bug relies on TCP port 554 and UDP ports 6970 - 6999, and that filtering options should be enabled on those ports.

Early Thursday, SonicWALL announced that its Unified Threat Management technology has been updated to understand and prevent the threat posed by Quicktime, while Heiss Security discovered a flaw with Leopard's quarantine system.


by MacNN Staff

Post tools:

TAGS :

 QuickTime, security, software, vulnerability, Symantec, exploit, Apple

Related Articles

Recent Articles

toggle

Comments

  1. horvatic

    Fresh-Faced Recruit

    Joined: Apr 2002

    0
    11/30, 11:20am | report spam | Reply |

    We've heard it all before

    We've heard it all before. Proof of concepts by the very people who make anti-virus software. Which means they just want to sell you there product and that's all the proof they want. Every supposed proof of concept has been totally wiped as pure FUD. This probably will be too. Now if it was a Windows OS hackers would have already compromised millions of PC's. But it's not, and to date nothing has happened. Unix is very strong in security even if there is a compromise it isn't nearly as easy to exploit it because Unix was built with security first not as an after thought.

  1. robttwo

    Fresh-Faced Recruit

    Joined: Nov 2005

    0
    11/30, 12:34pm | report spam | Reply |

    This one is real

    Not the one in the article - that's the usual dogshit. I mean this new exploit that hasn't been mentioned:

    If you leave your MAC on, irregardless of what system is running, and someone comes over and unplugs your machine - IT WILL TURN OFF. There is no known way to fix this exploit, and I have the proof of concept right here.

    Doofuses.

  1. lancelott

    Fresh-Faced Recruit

    Joined: Nov 2007

    0
    11/30, 12:54pm | report spam | Reply |

    I agree with robttwo

    Lets alert Apple! ^^

    ;-)

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    12/01, 02:21am | report spam | Reply |

    Yes it is a big deal

    Perhaps you are just ignorant but this is a rather severe vulnerability. Using a simple invisible (1 px) IFRAME on a hacked Web site, anybody that visits a compromised Web site using Firefox and Safari 2 gets compromised. That's a pretty bad vulnerability.

    And if you think "I'll never visit a bad Web site like that", remember in Feb 2007 the Dolphin Stadium Web site was hacked a week before the Superbowl. Using a buffer overflow in ActiveX several hundred thousand PCs were infected.

    Also let's remember that QuickTime was responsible for the largest worm of 2006 (JS.QuickSpace, http://www.securityfocus.com/brief/375). So maybe we _should_ alert Apple.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    12/01, 02:23am | report spam | Reply |

    oh and

    As stated very clearly in the article, the vulnerability and exploit are posted on milw0rm.com, a blackhat Web site. It wasnt published by any antivirus company. milw0rm.com commonly contains exploits that are used in rootkits, virus creation tools, etc. Rest assured they are not an antivrus company. Should read the article first.

  1. robttwo

    Fresh-Faced Recruit

    Joined: Nov 2005

    0
    12/01, 01:54pm | report spam | Reply |

    fubar_ass

    And exactly how many MAC users have been affected by this...?

    Doofuses.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    12/02, 02:28am | report spam | Reply |

    robnitwit

    Why does the number of Mac (MAC? wtf?) users affected matter? It's a major security vulnerability in Apple's software that has been exploited. Only because Apple has a small marketshare this hasn't affected many people. You're happy because of this?

    PS: Looks like exploits are already being used: http://blog.secondlife.com/2007/11/30/second-life-viewer-susceptible-to-quicktime-security-flaw/

  1. robttwo

    Fresh-Faced Recruit

    Joined: Nov 2005

    0
    12/02, 11:46am | report spam | Reply |

    Ohhhhhhh

    I see where you spend your obviously valuable time. So - lots of machines being "infected" by this? Taken over? Destroyed? Used as viral festering grounds?

    Again - I can crash your machine anytime I want. Just let me walk over to it.

    Doof (a******) uses.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

toggle

Most Commented

 

Popular News