Printed from http://www.macnn.com

New zero-day QuickTime exploit manifests

updated 09:10 am EST, Fri January 11, 2008

New QuickTime exploit

A new exploit has been discovered for the latest version of QuickTime, an Italian researcher claims. Luigi Auriemma says that in probing QuickTime 7.3.1, he has discovered a buffer overflow that allows the return address to be overwritten, enabling the execution of malicious code. Specifically, the problem arises when QuickTime attempts to open an RTSP link and port 554 is closed. The software then falls back to HTTP on port 80, triggering an error message that causes the buffer overflow.

Both the Windows and Mac OS X versions of the program are affected. The existence of the bug has reportedly been confirmed by Alfred Huger, the VP of development at Symantec Security Response. He observes that in testing, the proof-of-concept code only managed to crash the product; however, "it's a safe assumption that if you can do that you may be able to execute remote code," he says. "It's very serious."

Huger comments that despite a seeming increase in attacks on Apple platforms, hackers do not care about Apple specifically. Instead, Huger says, they are interested in any widely-available platform, which maximizes distribution.
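As an added illustration of the bug class described in the first paragraph (this is not QuickTime's code and not Auriemma's proof of concept), the C sketch below contrasts an unbounded copy of a server-supplied HTTP error line into a fixed stack buffer with a bounds-checked version. The buffer size, the function names and the sample status lines are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define ERR_BUF 64 /* assumed size of the fixed error-message buffer */

/* Unsafe pattern, shown for contrast and never called: the server controls
 * how many bytes are copied, so a long line overruns msg on the stack. */
void show_error_unsafe(const char *status_line) {
    char msg[ERR_BUF];
    strcpy(msg, status_line); /* no bounds check */
    puts(msg);
}

/* Copy the reason phrase of "HTTP/1.0 404 Not Found" into dst.
 * Returns its length, or -1 if the line is malformed or does not fit. */
int copy_reason_safe(const char *line, char *dst, size_t dst_len) {
    if (!line || !dst || dst_len == 0) return -1;
    dst[0] = '\0';
    if (strncmp(line, "HTTP/", 5) != 0) return -1;
    const char *p = strchr(line, ' ');       /* end of version */
    if (p) p = strchr(p + 1, ' ');           /* end of status code */
    if (!p) return -1;
    p++;
    size_t n = strcspn(p, "\r\n");           /* stop at end of line */
    if (n >= dst_len) return -1;             /* reject, do not overflow */
    memcpy(dst, p, n);
    dst[n] = '\0';
    return (int)n;
}

/* Run the safe copy against a local ERR_BUF-sized buffer. */
int check_line(const char *line) {
    char out[ERR_BUF];
    return copy_reason_safe(line, out, sizeof out);
}

/* Constructed input: a status line whose reason phrase is n bytes long. */
int check_reason_length(size_t n) {
    char line[512] = "HTTP/1.0 404 ";
    size_t k = strlen(line);
    if (n > sizeof line - k - 1) return -1;
    memset(line + k, 'X', n);
    line[k + n] = '\0';
    return check_line(line);
}

int main(void) {
    printf("%d\n", check_line("HTTP/1.0 404 Not Found\r\n"));
    printf("%d\n", check_reason_length(300));
}
```

The safe version rejects an oversized reason phrase outright instead of truncating it, so the caller can treat an abnormally long error line as a signal worth logging.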




by MacNN Staff


Comments

  1. climacs

    Joined: Dec 1969

    0

    insert here

    idiotic comment by testudo

  1. testudo

    Joined: Dec 1969

    0

    no problem climacs

    How exactly is this considered a 'zero-day' exploit when there is no exploit? I thought a 'zero-day' exploit was a security issue where a virus/trojan/etc was found to have been constructed to avail itself of the hole the same day it was announced.

    Or is it because the guy who discovered it waited until he had a POC before announcing it, thus making it 'zero-day'?

  1. ViktorCode

    Joined: Dec 1969

    0

    let's see...

    I need to click on malicious streaming server link and have port 554 closed at the time. Then the server will attempt to take over my computer by injecting the code through its error message.

    Of course, being able to invoke buffer overflow (i.e. inject the code) is considered the same as actually being able to take control of my machine by "security experts". How interesting that every time they provide proof of concept code it just manages to crash the application instead of taking over. Yet every time it's the end of the world.

    Give me some real exploits, please?

  1. macs4all

    Joined: Dec 1969

    0

    Let me fix that

    Viktorcode: While I share your "Chicken Little" feelings regarding the reporting of these exploits, perhaps you'd like to re-phrase that last rhetorical question: "Give me some real exploits, please?"

    As a Mac user, I am in no hurry for someone to come up with a "real" exploit. These fake ones will do JUST fine, thankyouverymuch, LOL!

  1. nat

    Joined: Dec 1969

    0

    real exploit

    You mean a real one like this?

    http://news.bbc.co.uk/2/hi/technology/7183008.stm

    I agree, no hurry, I'll take the fake ones.

  1. fubar_this

    Joined: Dec 1969

    0

    Buffer overflow = exec

    "How interesting that every time they provide proof of concept code it just manages to crash the application instead of taking over." You obviously are not a programmer, as every coder knows how a buffer overflow can result in code execution. Read up on it on Wikipedia.

    If you want exploits, just look. They are out there but aren't provided by security firms for obvious reasons. Like here: http://www.milw0rm.com. They have exploits for all the QT vulnerabilities. They don't cause a crash but instead cause your computer to do something benign like print out "you're p0wned". The one for mount_smb magically gives you root access after running it, without typing in a password for a very cool, very real effect.

    FYI this is commonly how malware is installed on a PC—there are no self spreading viruses anymore on the PC. The victim simply visits a compromised Web site, and a buffer overflow or some other vulnerability in the browser executes code that writes the malware onto the user's computer. That's why buffer exploits in QT should be taken seriously. Intrusion detection software which detects buffer overflows is commonly built into antivirus software on Windows.

  1. themacjedicali

    Joined: Dec 1969

    0

    viktorcode!

    You sound like you don't have a clue so I will give you one. No hacker will use just a single exploit to gain access to a machine. One will use multiple dominoes that allow the next to fall in order to accomplish many different things. There are many more exploits for QuickTime and Mac OS in general, and even ones that have not been known to the public. A B.O. is very serious business, as it can lead to root access, packet redirection, information theft, and whatever else someone wants to combine in the pot. Until you know about programming and security in general, please keep your pie hole shut and quit looking in places you don't know about. Think for once about the real issue of Apple's bad coding that allows QuickTime to be so insecure, and start to think about what happens and what is already happening behind the scenes. For every bug that gets "released" there are 5 under the hood that could be getting exploited right now on your machine without making a peep. Not all hackers are as honest as the ones who tell the public about problems. Stop being so smug, you have accomplished nothing, and you think you are safe when your safety is just an assumption simply because you don't "hear" anything about insecurity otherwise. If he had not released this info, then where would you be? You would think you are safe, when he is sitting on some code that could cause some real trouble in the wrong hands...
