updated 09:10 am EST, Fri January 11, 2008
New QuickTime exploit
A new exploit has been discovered for the latest version of QuickTime, an Italian researcher claims. Luigi Auriemma says that in probing around QuickTime 7.3.1, he has discovered a buffer overflow that allows the return address to be overwritten, enabling the execution of malicious code. Specifically, the problem arises when QuickTime attempts to launch an RTSP link, and port 554 is closed. The software will then switch to port 80 in HTTP, triggering an error message that causes the buffer overflow.
Both the Windows and Mac OS X versions of the program are affected. The existence of the bug has reportedly been confirmed by Alfred Huger, the VP of development at Symantec Security Response. He observes that in testing, the proof-of-concept code only managed to crash the product; however, "it's a safe assumption that if you can do that you may be able to execute remote code," he says. "It's very serious."
Huger comments that despite a seeming increase in attacks on Apple platforms, hackers do not care about Apple specifically. Instead, Huger says, they are interested in any widely-available platform, which maximizes distribution.