Security researchers warn that attack code targeting an unpatched bug in Apple’s QuickTime has gone public, and add that in-the-wild attacks against systems running Windows XP and Vista are probably not far behind. There was no word as of last Sunday whether the Mac OS X versions of the media player are also vulnerable.
The critical bug in QuickTime 7.2 and 7.3 (and perhaps earlier editions as well) is in the player’s handling of the Real Time Streaming Protocol (RTSP), an audio/video streaming standard. According to alerts posted by Symantec and the US Computer Emergency Readiness Team (US-CERT), attackers can exploit the flaw by duping users into visiting malicious or compromised websites hosting specially crafted streaming content, or by convincing them to open a rigged QTL file attached to an email message.
Symantec credited Polish researcher Krystian Kloskowski with first reporting the zero-day vulnerability on the milw0rm.com website Friday. Kloskowski and an unnamed researcher identified as InTeL followed up with separate proof-of-concept examples that executed on Windows XP SP2 and Windows Vista machines running QuickTime 7.2 or 7.3. A successful exploit would let the attacker install additional malware (spyware or a spambot, say) or cull the system for information like passwords.
An attack that failed would likely only crash QuickTime. A gaffe by Apple’s developers, however, makes an attack easier on Vista, says InTeL, who claims that the QuickTimePlayer binary does not have Address Space Layout Randomisation (ASLR) enabled. ASLR is a Vista security feature that randomly assigns data and application components, such as .exe and .dll files, to memory locations to make it tougher for attackers to determine the location of critical functions or vulnerable code.