Zero-day proof-of-concept exploit for Apple’s QuickTime can affect both Mac and Windows versions

“An Italian security researcher has posted a proof-of-concept exploit for a zero-day vulnerability in the most current version of Apple’s QuickTime media software (7.3.1),” Thomas Claburn reports for InformationWeek.

“Luigi Auriemma, noted among other things for discovering a vulnerability in the Unreal Engine in 2004, on Thursday posted details about producing a buffer overflow error in QuickTime. Buffer overflows can often be exploited by attackers to compromise the affected system,” Claburn reports.

“‘The bug is a buffer-overflow and the return address can be fully overwritten so a malicious attacker could use it for executing malicious code on the victim,’ Auriemma said in an e-mail. The vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software,” Claburn reports.

Full article here.

[Thanks to MacDailyNews Reader “RadDoc” for the heads up.]

19 Comments

  1. What’s going on with QuickTime lately?? The only assurance I have is that Apple will fix this quickly… unlike some other companies we all know ;)

  2. They have not proved that code can be executed, only that the target system can be crashed. A whole different ball game. Furthermore the assumption is made in the ‘finders’ report that because you can generate a buffer overflow you can gain control of the system. This is complete unsubstantiated FUD and simply not true. Very few buffer overflows on any system actually enable system take over although this is a clear line of attack.

    I guess ‘take control of system’ makes for better headlines than ‘crashes it’.

  3. I don’t worry too much about security problems in QuickTime. First off, Apple generally fixes them pretty fast. Second, the attack vector just isn’t very useful for mass attacks. The user would have to be tricked into playing a specific QuickTime file, plus QuickTime would have to be installed (far from certain on a PC), and then the malicious code would have to be appropriate for the specific machine the user has. In other words, the Mac version of such an attack wouldn’t work on Windows, and vice versa. Hell, the Mac PPC version wouldn’t work on a PowerMac.

    So this would only be useful for attacking a specific, known individual. Since I can’t imagine anyone that interested in taking me down, I’m not going to worry.

    ——RM

  4. You have absolutely no idea what you are talking about.

    “Furthermore the assumption is made in the ‘finders’ report that because you can generate a buffer overflow you can gain control of the system. This is complete unsubstantiated FUD and simply not true. Very few buffer overflows on any system actually enable system take over although this is a clear line of attack.”

    The purpose of the buffer overflow is to execute arbitrary code outside the address space allowed by the system. Whether the system crashes or not is irrelevant. Usually the overflow causes a random crash, typically in Windows due to its poor handling of buffer control. Mac OS X generally survives these types of attacks; however, Mac OS X relies heavily on QT and cannot run without it. So arbitrary code being executed outside the address space is an exploit that needs to be handled. Again it’s not taking over the system, but running on top of the system and outside its address space. Often these types of attack fail as they are not stable, but just as often they succeed.

  5. TFA also states, “But other researchers have been unable to successfully use the exploit on Mac OS X and have suggested that the flaw may lie in code specific to Windows.”

    So the jury is still out on this one, no?

  6. They said, “‘It’s very serious,’ Huger added, noting that it’s one of a number of QuickTime vulnerabilities discovered in the past few months.

    With the increasing popularity of Mac OS X on both computers and phones, several security researchers have observed that hackers are exploring vulnerabilities in Apple’s products with more interest.”

    NO, it’s not serious ’cause all anyone ever did was crash the system. They keep saying that you MIGHT be able to take over the system, not that they have figured out how!!!!!

    Also, with this increased exploring, the best they seem to be able to come up with is that if you do really stupid things, you affect an application and the system crashes. They are not providing actual code as to how to overtake the OS. Since they go for the hype but fail to actually do… I have to figure that… wait for it… They cannot actually take over a system, only screw it up and crash it, or convince you to load an application that is a trojan and that will not spread on its own, only one dumb user at a time.

    JMHO.
