Unpatched QuickTime Vulnerability Exploited
The vulnerability affects recent versions of QuickTime, including 7.2 and 7.3, and remains unpatched by Apple. It lies in improper handling of RTSP headers, which can lead to a buffer overflow that lets an attacker execute their own code. Symantec rates the vulnerability as "High" criticality.
Now, Symantec reports (via Macworld) that the vulnerability is being exploited in the wild. Both known exploits involve redirection from the intended web page to a server that uses the vulnerability to load code onto the victim's machine.
Initially, the attacks appear to be loading Windows executables; however, Symantec warns that the vulnerability affects both Windows and Mac operating systems.
Symantec suggests the following for mitigating risk until a patch is released:
To protect systems from attack, Symantec recommended blocking access to affected sites. Filter outgoing access to 85.255.117.212, 85.255.117.213, 216.255.183.59, 69.50.190.135, 58.65.238.116, and 208.113.154.34. Additionally 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered, it said, adding IT managers can also block outgoing TCP access to port 554.
Symantec also suggests that as a last step, users and IT managers consider uninstalling QuickTime until a patch is released.
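One way to check egress logs against the indicators Symantec lists above, as an added example that is not part of the original article or of Symantec's advice. The log layout (`timestamp conn src dst port proto` for connections, `timestamp dns src name` for lookups) and the sample lines are constructed for illustration.

```python
import ipaddress

# Indicators exactly as listed in the Symantec advice quoted above.
BLOCKED_IPS = {ipaddress.ip_address(a) for a in (
    "85.255.117.212", "85.255.117.213", "216.255.183.59",
    "69.50.190.135", "58.65.238.116", "208.113.154.34")}
BLOCKED_DOMAINS = ("2005-search.com", "1800-search.com",
                   "search-biz.org", "ourvoyeur.net")
RTSP_PORT = 554  # outgoing TCP port named in the advice

def domain_listed(name):
    """True for a listed domain or any subdomain of it (label-aligned match)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in BLOCKED_DOMAINS)

def check_line(line):
    """Return a reason string if the egress log line matches the advice, else None."""
    fields = line.split()
    if len(fields) < 4:
        return None  # too short to be a record in the assumed layout
    if fields[1] == "dns":
        return "listed domain" if domain_listed(fields[3]) else None
    if fields[1] == "conn" and len(fields) == 6:
        try:
            dst = ipaddress.ip_address(fields[3])
            port = int(fields[4])
        except ValueError:
            return None  # malformed record: skip rather than crash
        if dst in BLOCKED_IPS:
            return "listed IP"
        if port == RTSP_PORT and fields[5] == "tcp":
            return "outbound RTSP (TCP 554)"
    return None

def scan(lines):
    return [(line, reason) for line in lines if (reason := check_line(line))]

# Constructed sample records (assumed layout, not real traffic).
SAMPLE_LOG = [
    "2000-01-01T10:00:01 conn 10.0.0.5 85.255.117.212 80 tcp",
    "2000-01-01T10:00:02 dns 10.0.0.5 www.search-biz.org",
    "2000-01-01T10:00:03 conn 10.0.0.7 192.0.2.10 554 tcp",
    "2000-01-01T10:00:04 conn 10.0.0.8 198.51.100.20 443 tcp",
    "2000-01-01T10:00:05 dns 10.0.0.8 notsearch-biz.org",
]

if __name__ == "__main__":
    for line, reason in scan(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

The domain match is aligned on label boundaries, so a lookalike such as `notsearch-biz.org` is not reported while `www.search-biz.org` is.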
Top Rated Comments
This is the type of security vulnerability that I find most threatening b/c there's no "Are you sure you want to open this App." final warning.
Anyone know if the executable code needs to load into an Admin user's account or any old account?
Symantec also suggests that as a last step, users and IT managers consider uninstalling QuickTime until a patch is released.
Pardon my language but this is hysterical and outrageously funny!
I can't wait to see the next Windows exploit in action and this;
Symantec also suggests that as a last step, users and IT managers consider uninstalling Windows until a patch is released.
Isn't Leopard's library memory randomization supposed to make buffer overflow attacks like this impossible?
I was just thinking the same thing. Leopard was supposed to have killed the buffer overflow possibility. Hopefully someone with knowledge about this Leopard feature will be able to shed some light on this for us.
My gut feeling says this is BS.
I was just thinking the same thing. Leopard was supposed to have killed the buffer overflow possibility. Hopefully someone with knowledge about this Leopard feature will be able to shed some light on this for us.
My gut feeling says this is BS.
Nothing in security is foolproof. A friend of mine was at a security conference a few weeks ago and people were giving presentations and demonstrating ways around address randomization.
...Symantec also suggests that as a last step, users and IT managers consider uninstalling QuickTime until a patch is released.
Sure... and how are we supposed to do that? :eek::rolleyes:
Symantec is now working its way into the pocketbooks of Macintosh users. I will just use VLC and disable QuickTime for the time being, though I don't go to sites or download videos from untrusted sources anyway.
As always, your best defense against these things is some good old common sense!
Initially, the attacks appear to be loading Windows executables, however Symantec warns that the vulnerability affects both Windows and Mac operating systems.
So is it true that if it did load a Mac OS "executable" it would run without Admin permission?