MacNN | Print: New security vulnerability threatens Tiger

macnn

View this article at: http://www.macnn.com/articles/05/05/12/tiger.qt.exploit/
Thursday, May 12,2005 @ 3:20pm

New security vulnerability threatens Tiger

A security vulnerability in Mac OS X 10.4 Tiger allows a malicious .mov file to leak information to an external host. The exploit, which was discovered by David Remahl in Sweden, takes advantage "compositions," which have access to powerful tools known as "patches." Combining patches that provide advanced system information with patches that load information from the Internet allows an embedded .mov file to leak system details. A temporary workaround includes disabling the QuickTime plug-in and treating Quartz Composer files with suspicion. An alternative workaround involves disabling QTZ support in QuickTime by removing QuartzComposer.rcomponent in the QuickTime section of the system Library.

Leaked information:

  • Local user name (long and short)
  • Computer name
  • Local IP
  • OS / kernel version
  • CPU / RAM / GPU configuration
  • Names (human-readable) of Bonjour services on the local network
  • Local or system time
  • Volume of audio input
  • Lists of images (including pdfs) matching arbitrary spotlight queries
  • Lists of images (including pdfs) in specific directories (relative to / or ~)
  • The existence of image and movie files can indicate the existance of certain software packages

  • Copyright ©1995-2005 Macintosh News Network, Inc. All rights reserved.