Apple Hardens QuickTime Security

With QuickTime increasingly becoming a target for malicious hackers, eWeek reports that Apple has taken several steps to make QuickTime more secure in the latest version (7.4.5), released just last week.

Besides patching 11 security vulnerabilities, the new version of QuickTime adds a few new features such as ASLR (address space layout randomization), stack buffer safety checking and function call hardening, all of which make it much more difficult to hack QuickTime.

Security researchers have applauded the efforts:

"That's a pretty big change for a point release," said Dino Dai Zovi, a hacker who has written multiple exploits for QuickTime. "They [Apple] have way more guts than many other software companies to do something like that. Either that, or they are afraid of the backlash if malware starts targeting QuickTime and iTunes in a more serious way."

Top Rated Comments

50 months ago
Good to know that they've improved it. I notice that the latest Safari has also blocked cross site scripting, unlike Internet Explorer and Firefox.
Rating: 0 Positives / 0 Negatives
50 months ago
Great job Apple:D:D:apple:!

Now who is rating this negative:confused:why would this be negative? For hackers? MS fanboys?
Rating: 0 Positives / 0 Negatives
50 months ago
I guess you don't want to make an announcement that you've tightened things up, only to have everyone look for that one error in coding and then say you really haven't done the job... best to just secretly update it. Point release FTW!
Rating: 0 Positives / 0 Negatives
50 months ago
This is pretty cool. I honestly was getting a bit concerned about how many exploits were targeting QuickTime specifically, and this seems like a logical reaction.
Rating: 0 Positives / 0 Negatives
50 months ago
QuickTime is great – it was the first proper multimedia software for home computers.

The problem is a lot of the code is very old now and mistakes were probably made that would not be made today – benefit of hindsight etc.

That said it is good Apple are making positive steps towards locking down some of the vulnerabilities. Security is a continuous process though.
Rating: 0 Positives / 0 Negatives
50 months ago

Good to know that they've improved it. I notice that the latest Safari has also blocked cross site scripting, unlike Internet Explorer and Firefox.


Block cross-site scripting? How exactly would Safari do that?
Rating: 0 Positives / 0 Negatives
50 months ago

Good to know that they've improved it. I notice that the latest Safari has also blocked cross site scripting, unlike Internet Explorer and Firefox.


Last I checked FF has had this blocked for a long time. It's a reason I have to use a proxy web service to call web services on other machines from AJAX stuff running on FF. IE (6 at least) happily allows me to call web services on other servers from js running on the client.

Block cross-site scripting? How exactly would Safari do that?


Pretty simple. When you load a web page, JavaScript on that page can only send requests back to the server you loaded the original page from. This stops you from going to a site which seems legit that then has js sending data to another site which isn't legit.
Rating: 0 Positives / 0 Negatives
50 months ago
While I applaud the fact they finally did this, I think this is mostly marketing hype for something that should have been done a long time ago.

You can't implement ASLR in an application; it has to be done by the operating system, which both Vista and OS X do (Vista more effectively than OS X). It has to be enabled via a compiler flag when the application is compiled; it isn't that difficult to do and should have been done from day one with the Windows version and after Leopard was released. I also think this will be better for Windows users than Mac users, mostly because the OS X implementation of ASLR isn't all that effective. I've researched it a little bit since I got my MBP about a month ago and I don't see where much of anything is randomized. There are some libraries that are, but for the most part they are at the same location every time I looked. That, and most memory locations are still marked executable, which is not good.

As for the stack checks (stack canaries would be a better way to describe it), that's all good but again, it should have been done long ago. That type of thing has been around for a long time now and Microsoft first started using them widespread in SP2. As for function call hardening, I don't know wtf that is supposed to mean.

So it's all good that they are doing this, but it should have been done a long time ago. Now they just need to fix randomization and NX in Leopard :/

Good to know that they've improved it. I notice that the latest Safari has also blocked cross site scripting, unlike Internet Explorer and Firefox.


You can't block cross site scripting in the browser. The browser is doing what it is told to do when an XSS is exploited, it renders the HTML that is returned when you visit the exploited page (persistent) or follow a link (reflected). The JavaScript doesn't have to come from another server.
Rating: 0 Positives / 0 Negatives
50 months ago

QuickTime is great – it was the first proper multimedia software for home computers.

The problem is a lot of the code is very old now and mistakes were probably made that would not be made today – benefit of hindsight etc.



Is it? You'd think that they'd rewrite it from the ground up for today's world...
Rating: 0 Positives / 0 Negatives
50 months ago

Pretty simple. When you load a web page, JavaScript on that page can only send requests back to the server you loaded the original page from. This stops you from going to a site which seems legit that then has js sending data to another site which isn't legit.


That is how JavaScript pages are supposed to work. IE, FF, Safari, all do that in addition to other steps. That is not XSS. Please see http://en.wikipedia.org/wiki/Same_origin_policy and http://en.wikipedia.org/wiki/Cross-site_scripting respectively.
Rating: 0 Positives / 0 Negatives
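
The distinction drawn in the last replies, as an added example that is not part of the original thread: the same-origin policy compares the scheme, host and port of two URLs, while a value reflected by the page's own server runs in that page's origin, so output encoding on the server is what addresses it. The function names, the `shop.example` and `api.other.example` URLs and the sample query are constructed for illustration.

```javascript
// Added illustration: names, URLs and the sample query below are constructed.

// Same-origin policy: two URLs share an origin only if scheme, host and port all match.
// The URL parser normalizes default ports (80/443) to "", so ":443" equals no port on https.
function sameOrigin(a, b) {
  const x = new URL(a), y = new URL(b);
  return x.protocol === y.protocol && x.hostname === y.hostname && x.port === y.port;
}

// A search page that echoes the query into its own HTML without encoding.
function renderUnencoded(query) {
  return `<p>Results for ${query}</p>`;
}

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: markup characters in the value become inert text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

function renderEncoded(query) {
  return `<p>Results for ${escapeHtml(query)}</p>`;
}

// True if the HTML would hand the browser a script element to execute.
function hasScriptElement(html) {
  return /<script[\s>]/i.test(html);
}

function compare(pageUrl, fetchUrl, query) {
  return {
    // Script on pageUrl reading a response from fetchUrl: this is what the policy governs.
    crossOriginRead: !sameOrigin(pageUrl, fetchUrl),
    // Script delivered in pageUrl's own response runs with pageUrl's origin,
    // so the origin comparison never comes into play.
    unencodedHasScript: hasScriptElement(renderUnencoded(query)),
    encodedHasScript: hasScriptElement(renderEncoded(query)),
  };
}

const result = compare(
  "https://shop.example/search",
  "https://api.other.example/data",
  "<script>document.title='injected'</script>"
);
console.log(result);
```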