Mac OS X QuickTime proof-of-concept exploit code emerges

“Hackers now have sample attack code for the newest QuickTime vulnerability that can hijack Macs, including machines running the latest flavor of Mac OS X, Leopard, security researchers warned today,” Gregg Keizer reports for Computerworld.

“The news came just days after a bug in QuickTime’s handling of the Real Time Streaming Protocol (RTSP), a audio/video-streaming standard, was disclosed on the milw0rm.com Web site. Proof-of-concept exploit code that worked against Windows XP SP2 and Windows Vista followed shortly after,” Keizer reports. “But even though analysts confirmed on Monday that Mac OS X versions of QuickTime 7.2 and later are also vulnerable, it took several more days for other researchers to craft a reliable exploit.”

“According to the proof-of-concept, the Metasploit module works on Intel- and PowerPC-based Macs running either Mac OS X 10.4 (Tiger) or 10.5 (Leopard). It also executes on PCs running Windows XP SP2,” Keizer reports.

“Symantec urged users to disable Apple QuickTime as an RTSP protocol handler and filter outbound traffic over the most common (but not the only available) posts used by RTSP, which include TCP port 554 and UDP ports 6970-6999,” Keizer reports. “Apple has not yet issued a fix for QuickTime RTSP bug, but when it does, the update will be the media player’s seventh security-related fix this year.”

Links and more details in the full article here.

30 Comments

  1. 1: Open Quicktime Preferences

    2: click Advanced then MIME settings

    3: uncheck Streaming or RTSP

    4: Install Little Snitch and delete all the default rules and carefully white list outgoing connections. It’s a little trouble at first, but sure does catch all sorts of nasties before it can open a port on you. Especially when visting websites.

    5: If you already haven’t, create a new admin, log in it and change your first admin to user and use that all the time. Use a new blank user to surf for porn/p2p so they can’t delete your files.

    6: Clone your boot drive in whole to another drive using Carbon Copy Cloner, it’s donationware. Keep it disconnected and updated occassionally. You can option boot from it.

  2. Well, they claim the exploit to be able to execute code, but is it ‘sandboxed’ code, i.e., user-level, or is it admin level. Knowing that difference is critical to knowing whether this is more smoke or a serious issue. So, does anyone know?

  3. I just went to a TELCEL seller in Mexico, and they have the iPhone on sale, But I do not see any ad from apple or telcel saying that they have in Mexico. I asked to see it and they show it to me. They say it has apple warranty. Also, they said that it is not “unblock”, it is block to telcel carrier legally.

    The only problem is that is cost about $980.00 Dlls ($10,000.00 mexican pesos).

    Could it be possible that the iphone does arrive to Mexico and no body make announcements of any kind?

  4. iPhone Guy:
    I doubt it big time, but what the heck dose the iPhone in Mexico have to do with a QuickTime Exploit?

    With no “Mexican” iTunes, how do you patch the thing?, how do you activate it?. I have friends in Mexico that are using iPhones, but not unlocked ones.

  5. This could be a bad thing, But it depends on what type of stuff you are using quicktime for, If your looking up porn of cause you leave your self to the posability of Nastys.
    but you are correct Quicktime should be better behaved then this, atleast on the mac platform because after all it is OSX the most secure operating system in the world.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.