QuickTime vulnerability can crash QuickTime on Macs

“The QuickTime vulnerability disclosed in the Windows version of QuickTime last week also affects Mac OS X, Symantec Corp. said today,” Gregg Keizer reports for Computerworld.

“According to additional research by Symantec’s security response team, the Real-Time Streaming Protocol (RTSP) bug in QuickTime is also present in the Mac versions of Apple Inc.’s media player. ‘We tested it, and the [proof-of-concept] exploit does cause a denial of service,’ said Marc Fossi, manager of the Symantec team, explaining that the Windows-specific attack code fails to give a hacker access to a Macintosh but instead causes QuickTime to crash,” Keizer reports. “Fossi cautioned Mac users against believing that they are in the clear. ‘QuickTime vulnerabilities have tended to affect both Windows and Mac OS X, and it’s always possible that a denial of service could lead to remote code execution,’ he warned.”

“Fossi also said that on Windows, it now appears that Microsoft Corp.’s Internet Explorer Versions 6 and 7, as well as the beta of Apple’s Safari browser, will offer some additional protection against attacks that are based on duping users into visiting malicious or compromised sites hosting rigged streaming content,” Keizer reports. “‘The buffer overflow protection built into IE and in Safari prevents the exploit shell code from executing in the [QuickTime] plug-in,’ said Fossi. To successfully attack a user via IE or Safari, the current exploit example would have to be refined, Symantec added in a posting to its security blog today. Firefox, however, provides no such protection.”

Full article here.

18 Comments

  1. Install Little Snitch, it’s a outgoing firewall that will prevent malicious or compromised apps from contacting the internet, delete all the default rules and carefully while-list select apps and processes. Deny Quicktime access for now until the patch is out.

    Also there is a Leopard Mail vulnerability in regards to attachments and the MetaData Zip file exploit is still around.

    For these bury Terminal in a Admin completely “No Access” folder in a System Folder. Turn off Safari’s “Open Safe Files” and don’t double-click or open anything unless your sure what it is and trust the source. Install SafeTerminal.

    One should be running a “User” all the time and “Admin” only when necessary.

    To do this. Create a New Admin user. Log into it and turn your first Admin User into a Regular user. Log into the Regular user.

    This will offer some more protection, but will not protect your files in your User Folder unfortunately.

    Turn on Firewall and advanced options in System Prefs. For more protection one should learn to use the Command Line Firewall, a GUI/Wizard based free firewall is called WaterRoof. You can speed up your web browser connection with WaterRoof as well.

  2. @how?

    Since they were testing the proof of concept code on Windows, the exploit works for Quicktime on Windows. It needs to be specially crafted for the Mac Version of quick time for it to work

    This is because OS X most likely has its libraries in different areas in memory than Windows.

  3. @Zune Tanged. Again yes, because Quicktime has to work with Windows, it now has to support the open back door for crap that Windows users are used to getting. Now Quicktime has to sully itself to the vile pit of endtrails code compliance called Windows vulnerabilities. LOL

  4. I’M glad MDN finally stopped posting their “security vs. obscurity” rant. reading that every other day had to be the most annoying thing ever. especially because what they were saying was statistically false.

    Gosh

  5. Of course it crashes, they make it to run on both platforms. Apple will have a patch out soon enough, better than the way MS deals with these issues. PLUS it won’t require the hassle of a MS fix.

  6. @Pete
    Thank you for the information. I’m a relatively new and inexperienced user who has been looking for good security info. However I did install Little Snitch a while back and found it rather annoying. I’ll take a look at some of the other ideas you provided.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.