Unpatched QuickTime Vulnerability Exploited
A recent vulnerability in Apple's QuickTime software is reportedly being exploited in the wild, according to security research vendor Symantec.
The vulnerability affects recent versions of QuickTime, including 7.2 and 7.3, and remains unpatched by Apple. The flaw lies in QuickTime's improper handling of RTSP (Real Time Streaming Protocol) headers: a malformed header can trigger a buffer overflow that allows an attacker to execute arbitrary code on the victim's machine. Symantec rates the vulnerability as "High" criticality.
Now, Symantec reports (via Macworld) that the vulnerability is being exploited in the wild. Both known exploits redirect the victim from the web page they intended to visit to a server that uses the vulnerability to load code onto the victim's machine.
So far the attacks appear to load Windows executables; however, Symantec warns that the vulnerability affects QuickTime on both Windows and Mac operating systems.
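Because no patch is available, one thing a network defender can do is inspect RTSP responses from outside servers for abnormally long header values, the kind of input that a header-handling buffer overflow needs. The following is an added example, not code from the article, Symantec or Apple: it parses an RTSP response as a sensor would see it and reports any header whose value exceeds a threshold. The threshold MAX_HEADER_VALUE_LEN is an assumption (RTSP itself sets no limit), the sample responses are constructed rather than captured from a real attack, and the check is deliberately header-agnostic because the article does not say which header the exploit abuses.

```python
"""Flag RTSP responses carrying oversized header values.

Added example, not from the article or from Symantec/Apple. The
threshold below is an assumption: legitimate RTSP header values are
short, but there is no normative limit, so tune it for your environment.
"""

from typing import Dict, List, Tuple

MAX_HEADER_VALUE_LEN = 512  # assumed threshold, not a value from the article


def parse_rtsp_response(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an RTSP response into its status line and a header dict.

    Header names are case-insensitive, so they are lower-cased. Only the
    head section (up to the first blank line) is parsed; a body is ignored.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    if not lines or not lines[0].startswith("RTSP/"):
        raise ValueError("not an RTSP response")
    status_line = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line[:40]!r}")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers


def find_oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE_LEN) -> List[Tuple[str, int]]:
    """Return (header_name, value_length) for every header longer than `limit`."""
    _status, headers = parse_rtsp_response(raw)
    return [(name, len(value)) for name, value in headers.items() if len(value) > limit]


# Constructed sample traffic (not captured from a real attack).
BENIGN_RESPONSE = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 2\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# One header padded far beyond any legitimate length. The 'A' padding
# stands in for whatever a real exploit would send; the article does not
# say which header is abused, so any header is treated the same way.
SUSPICIOUS_RESPONSE = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 2\r\n"
    b"Content-Type: " + b"A" * 1500 + b"\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_RESPONSE), ("suspicious", SUSPICIOUS_RESPONSE)):
        hits = find_oversized_headers(sample)
        print(f"{label}: {hits or 'no oversized headers'}")
```

Run against RTSP traffic reassembled from port 554 (or any port a suspicious redirect points at), the check gives a coarse but cheap indicator while QuickTime remains unpatched; it says nothing about responses the client never receives, so it complements rather than replaces the egress filtering Symantec recommends.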
Symantec suggests the following for mitigating risk until a patch is released:
To protect systems from attack, Symantec recommended blocking access to the affected sites. Filter outgoing access to 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, and 188.8.131.52. Additionally, 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered, it said, adding that IT managers can also block outgoing TCP access to port 554, the default RTSP port. Note that a port-554 block only covers servers listening on the default port and will also interrupt legitimate RTSP streaming.
Symantec also suggests that, as a last resort, users and IT managers consider uninstalling QuickTime until a patch is released.