Zero-day proof-of-concept exploit for Apple’s QuickTime can affect both Mac and Windows versions

“An Italian security researcher has posted a proof-of-concept exploit for a zero-day vulnerability in the most current version of Apple’s QuickTime media software (7.3.1),” Thomas Claburn reports for InformationWeek.

“Luigi Auriemma, noted among other things for discovering a vulnerability in the Unreal Engine in 2004, on Thursday posted details about producing a buffer overflow error in QuickTime. Buffer overflows can often be exploited by attackers to compromise the affected system,” Claburn reports.

“‘The bug is a buffer-overflow and the return address can be fully overwritten so a malicious attacker could use it for executing malicious code on the victim,’ Auriemma said in an e-mail. The vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software,” Claburn reports.

Full article here.

[Thanks to MacDailyNews Reader “RadDoc” for the heads up.]

19 Comments

  1. What’s going on with QuickTime lately?? The only assurance I have is that Apple will fix this quickly… unlike some other companies we all know ;)

  2. They have not proved that code can be executed, only that the target system can be crashed. A whole different ball game. Furthermore the assumption is made in the ‘finders’ report that because you can generate a buffer overflow you can gain control of the system. This is complete unsubstantiated FUD and simply not true. Very few buffer overflows on any system actually enable system take over although this is a clear line of attack.

    I guess ‘take control of system’ makes for better headlines than ‘crashes it’.

  3. I don’t worry too much about security problems in QuickTime. First off, Apple generally fixes them pretty fast. Second, the attack vector just isn’t very useful for mass attacks. The user would have to be tricked into playing a specific QuickTime file, plus QuickTime would have to be installed (far from certain on a PC), and then the malicious code would have to be appropriate for the specific machine the user has. In other words, the Mac version of such an attack wouldn’t work on Windows, and vice versa. Hell, the Mac PPC version wouldn’t work on a PowerMac.

    So this would only be useful for attacking a specific, known individual. Since I can’t imagine anyone that interested in taking me down, I’m not going to worry.

    ——RM

  4. You have absolutely no idea what you are talking about

    “Furthermore the assumption is made in the ‘finders’ report that because you can generate a buffer overflow you can gain control of the system. This is complete unsubstantiated FUD and simply not true. Very few buffer overflows on any system actually enable system take over although this is a clear line of attack.”

    The purpose of the buffer overflow is to execute arbitrary code outside the address space allowed by the system. Whether the system crashes or not is irrelevant. Usually the overflow causes a random crash, typically in Windows due to its poor handling of buffer control. Mac OS X generally survives these types of attacks; however, Mac OS X relies heavily on QT and cannot run without it. So arbitrary code being executed outside the address space is an exploit that needs to be handled. Again, it’s not taking over the system, but running on top of the system and outside its address space. Often these types of attack fail as they are not stable, but just as often they succeed.

  5. TFA also states, “But other researchers have been unable to successfully use the exploit on Mac OS X and have suggested that the flaw may lie in code specific to Windows.”

    So the jury is still out on this one, no?

  6. They said, “‘It’s very serious,’ Huger added, noting that it’s one of a number of QuickTime vulnerabilities discovered in the past few months.

    With the increasing popularity of Mac OS X on both computers and phones, several security researchers have observed that hackers are exploring vulnerabilities in Apple’s products with more interest.”

    NO, it’s not serious ’cause all anyone ever did was crash the system. They keep saying that you MIGHT be able to take over the system, not that they have figured out how!!!!!

    Also, with this increased exploring, the best they seem to be able to come up with is that if you do really stupid things, you affect an application and the system crashes. They are not providing actual code as to how to overtake the OS. Since they go for the hype but fail to actually do… I have to figure that… wait for it… They cannot actually take over a system, only screw it up and crash it, or convince you to load an application that is a Trojan and that will not spread on its own, only one dumb user at a time.

    JMHO.

    en

  7. @fenman

    I notice you are too cowardly to even use your own handle. As for not knowing what I am talking about, try more than 20 years doing penetration testing. A buffer overflow is a defect and, yes, it is a foot in the door, but it does not guarantee ownership of the system concerned. Certainly it is easier if it is any one of many versions of Windows. If, however, the system being attacked has good memory partitioning, then a buffer overflow will not be allowed to breach a partition and will only crash the application slice, not the system, and will not give access to the system in a way that guarantees ownership.

    Have you just read about vulnerabilities or do you actually work full time to find them, fix them, and document attack vectors?

    Be careful of whom you accuse of not having any idea of what they are talking about.

  8. QuickTime is having a lot of publicized vulnerabilities because:

    – Its deployment has skyrocketed with iTunes and the iPod (as someone else pointed out), making it a more attractive target

    – It most likely contains a lot of code that was written (probably in C, which doesn’t do any bounds-checking) before the era of Internet attacks.

    – The low-hanging vulnerability fruit among operating systems and user practices has been picked, so the hackers are starting to go after application vulnerabilities that can be triggered using malformed “content” files. QuickTime’s status as “application plus” (running at a lower level of the system than a user app) makes this more attractive.

    My guesses, at least.
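The bounds-checking gap described in comment 8, as an added example that is not part of the original page, the article, or Apple’s code: a constructed, length-prefixed content record parsed first by the unchecked pattern (a trusted length from the file) and then by a hardened version that validates the length before copying. The chunk format, constants and function names are assumptions made for illustration, not QuickTime’s real atom layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format: 4-byte big-endian payload length, then the payload.
 * It stands in for any length-prefixed "content" record; it is not QuickTime's
 * real atom layout and this is not Apple's code. */
#define MAX_PAYLOAD 16
enum { CHUNK_OK = 0, CHUNK_BAD_LENGTH = -1, CHUNK_TRUNCATED = -2 };

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Weak pattern (shown for contrast; only ever called on well-formed input here):
 * the copy length comes straight from the file, so a declared length larger than
 * MAX_PAYLOAD writes past 'out' and corrupts whatever follows it in memory. */
static int parse_chunk_unchecked(const uint8_t *in, size_t in_len, uint8_t out[MAX_PAYLOAD]) {
    if (in_len < 4) return CHUNK_TRUNCATED;
    memcpy(out, in + 4, read_be32(in));   /* no bounds check on the declared length */
    return CHUNK_OK;
}

/* Hardened: validate the declared length against the destination capacity and
 * against the bytes actually present before a single byte is copied. */
static int parse_chunk_checked(const uint8_t *in, size_t in_len,
                               uint8_t out[MAX_PAYLOAD], size_t *out_len) {
    if (in_len < 4) return CHUNK_TRUNCATED;
    uint32_t declared = read_be32(in);
    if (declared > MAX_PAYLOAD) return CHUNK_BAD_LENGTH;  /* would overflow 'out' */
    if (declared > in_len - 4) return CHUNK_TRUNCATED;    /* would read past the input */
    memcpy(out, in + 4, declared);
    *out_len = declared;
    return CHUNK_OK;
}

int main(void) {
    /* Constructed hostile sample: declared length 0x100 with only 4 payload bytes. */
    const uint8_t hostile[] = {0x00, 0x00, 0x01, 0x00, 'A', 'B', 'C', 'D'};
    uint8_t out[MAX_PAYLOAD];
    size_t n = 0;
    int rc = parse_chunk_checked(hostile, sizeof hostile, out, &n);
    printf("checked parser rejected the record: rc=%d (CHUNK_BAD_LENGTH=%d)\n", rc, CHUNK_BAD_LENGTH);
    return rc == CHUNK_BAD_LENGTH ? 0 : 1;
}
```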
