http://www.macnn.com/articles/08/01/11/new.quicktime.exploit/

New zero-day QuickTime exploit manifests

updated 09:10 am EST, Fri January 11, 2008

 



A new exploit has been discovered for the latest version of QuickTime, an Italian researcher claims. Luigi Auriemma says that in probing around QuickTime 7.3.1, he has discovered a buffer overflow that allows the return address to be overwritten, enabling the execution of malicious code. Specifically, the problem arises when QuickTime attempts to launch an RTSP link, and port 554 is closed. The software will then fall back to HTTP on port 80, triggering an error message that causes the buffer overflow.

Both the Windows and Mac OS X versions of the program are affected. The existence of the bug has reportedly been confirmed by Alfred Huger, the VP of development at Symantec Security Response. He observes that in testing, the proof-of-concept code only managed to crash the product; however, "it's a safe assumption that if you can do that you may be able to execute remote code," he says. "It's very serious."

Huger comments that despite a seeming increase in attacks on Apple platforms, hackers do not care about Apple specifically. Instead, Huger says, they are interested in any widely-available platform, which maximizes distribution.
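
The bug class described above, server-supplied error text landing in a fixed-size buffer, is closed by checking the length before the copy. The following is an added example, not QuickTime's code and not from the researcher's advisory; the function name `parse_status_line` and the 64-byte `REASON_MAX` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REASON_MAX 64 /* assumed size; the article gives no buffer size */

/* Bug class for contrast (unsafe): server-controlled text copied into a
 * fixed buffer with no length check, e.g.
 *     char reason[REASON_MAX]; strcpy(reason, text_after_status_code); */

/* Parse "HTTP/1.x NNN reason" and copy the reason phrase into out.
 * Returns the status code, or -1 if the line is malformed or the reason
 * does not fit in out (rejected rather than overflowed or truncated). */
int parse_status_line(const char *line, char *out, size_t out_len)
{
    if (!line || !out || out_len == 0)
        return -1;
    out[0] = '\0';
    if (strncmp(line, "HTTP/1.", 7) != 0 ||
        !isdigit((unsigned char)line[7]) || line[8] != ' ')
        return -1;
    const char *p = line + 9;
    int code = 0;
    for (int i = 0; i < 3; i++) { /* exactly three status digits */
        if (!isdigit((unsigned char)p[i]))
            return -1;
        code = code * 10 + (p[i] - '0');
    }
    p += 3;
    if (*p == ' ')
        p++;
    else if (*p != '\0' && *p != '\r' && *p != '\n')
        return -1;
    size_t n = strcspn(p, "\r\n"); /* reason length, excluding CRLF */
    if (n >= out_len) /* leave room for the terminating NUL */
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return code;
}

int main(void)
{
    char reason[REASON_MAX];
    int code = parse_status_line("HTTP/1.0 404 Not Found\r\n", reason, sizeof reason);
    printf("%d %s\n", code, reason);
    return 0;
}
```

An overlong reason phrase is refused outright, so the caller sees a parse failure instead of a corrupted stack.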


by MacNN Staff

Tags: QuickTime, security

Comments

  1. climacs

    Fresh-Faced Recruit

    Joined: Sep 2001

    0

    insert here

    idiotic comment by testudo

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    no problem climacs

    How exactly is this considered a 'zero-day' exploit when there is no exploit? I thought a 'zero-day' exploit was a security issue where a virus/trojan/etc was found to have been constructed to avail itself of the hole the same day it was announced.

    Or is it because the guy who discovered it waited until he had a POC before announcing it, thus making it 'zero-day'?

  1. ViktorCode

    Fresh-Faced Recruit

    Joined: Jan 2006

    0

    let's see...

    I need to click on malicious streaming server link and have port 554 closed at the time. Then the server will attempt to take over my computer by injecting the code through its error message.

    Of course, being able to invoke buffer overflow (i.e. inject the code) is considered the same as actually being able to take control of my machine by "security experts". How interesting that every time they provide proof of concept code it just manages to crash the application instead of taking over. Yet every time it's the end of the world.

    Give me some real exploits, please?

  1. macs4all

    Fresh-Faced Recruit

    Joined: Aug 2003

    0

    Let me fix that

    Viktorcode: While I share your "Chicken Little" feelings regarding the reporting of these exploits, perhaps you'd like to re-phrase that last rhetorical question: "Give me some real exploits, please?"

    As a Mac user, I am in no hurry for someone to come up with a "real" exploit. These fake ones will do JUST fine, thankyouverymuch, LOL!

  1. nat

    Junior Member

    Joined: Mar 2002

    0

    real exploit

    You mean a real one like this?

    http://news.bbc.co.uk/2/hi/technology/7183008.stm

    I agree, no hurry, I'll take the fake ones.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0

    Buffer overflow = exec

    "How interesting that every time they provide proof of concept code it just manages to crash the application instead of taking over." You obviously are not a programmer, as every coder knows how a buffer overflow can result in code execution. Read up on it on Wikipedia.

    If you want exploits, just look. They are out there but aren't provided by security firms for obvious reasons. Like here: http://www.milw0rm.com. They have exploits for all the QT vulnerabilities. They don't cause a crash but instead cause your computer to do something benign like print out "you're p0wned". The one for mount_smb magically gives you root access after running it, without typing in a password for a very cool, very real effect.

    FYI this is commonly how malware is installed on a PC—there are no self-spreading viruses anymore on the PC. The victim simply visits a compromised Web site, and a buffer overflow or some other vulnerability in the browser is used to execute code that writes the malware onto the user's computer. That's why buffer exploits in QT should be taken seriously. Intrusion detection software which detects buffer overflows is commonly built into antivirus software on Windows.

  1. themacjedicali

    Fresh-Faced Recruit

    Joined: Nov 2007

    0

    viktorcode!

    You sound like you don't have a clue so I will give you one. No hacker will use just a single exploit to gain access to a machine. One will use multiple dominoes that allow the next to fall in order to accomplish many different things. There are many more exploits for QuickTime and Mac OS in general, and even ones that have not been known to the public. A B.O. is very serious business, as it can lead to root access, packet redirection, information theft, and whatever else someone wants to combine in the pot. Until you know about programming and security in general, please keep your pie hole shut and quit looking in places you don't know about. Think for once about the real issue of Apple's bad coding that allows QuickTime to be so insecure, and start to think about what happens and what is already happening behind the scenes. For every bug that gets "released" there are 5 under the hood that could be getting exploited right now on your machine without making a peep. Not all hackers are as honest as the ones who tell the public about problems. Stop being so smug, you have accomplished nothing, and you think you are safe when your safety is just an assumption simply because you don't "hear" anything about insecurity otherwise. If he had not released this info, then where would you be? You would think you are safe, when he is sitting on some code that could cause some real trouble in the wrong hands...
