View this article at: http://www.macnn.com/articles/05/05/12/tiger.qt.exploit/
Thursday, May 12,2005 @ 3:20pm

New security vulnerability threatens Tiger

A security vulnerability in Mac OS X 10.4 Tiger allows a malicious .mov file to leak information to an external host. The exploit, which was discovered by David Remahl in Sweden, takes advantage "compositions," which have access to powerful tools known as "patches." Combining patches that provide advanced system information with patches that load information from the Internet allows an embedded .mov file to leak system details. A temporary workaround includes disabling the QuickTime plug-in and treating Quartz Composer files with suspicion. An alternative workaround involves disabling QTZ support in QuickTime by removing QuartzComposer.rcomponent in the QuickTime section of the system Library.

Leaked information:

Local user name (long and short)

Computer name

Local IP

OS / kernel version

CPU / RAM / GPU configuration

Names (human-readable) of Bonjour services on the local network

Local or system time

Volume of audio input

Lists of images (including pdfs) matching arbitrary spotlight queries

Lists of images (including pdfs) in specific directories (relative to / or ~)

The existence of image and movie files can indicate the existance of certain software packages

Copyright ©1995-2005 Macintosh News Network, Inc. All rights reserved.