INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Apple QuickTime Security Advisory  (Read 1237 times)

John Gateley

  • Citizen of the Universe
  • *****
  • Posts: 4957
  • Nice haircut
Apple QuickTime Security Advisory
« on: November 30, 2007, 11:42:53 am »

CERT has released a security advisory for Apple QuickTime, which applies to QuickTime on Windows (used by Media Center to play QuickTime content such as mp4). The flaw involves content from RTSP (Real Time Streaming Protocol) sources.

There is *no* fix at the moment, and exploit code was made available to the Internet on Nov. 25.

There are several work-arounds. See the CERT advisory for more details:

http://www.us-cert.gov/cas/techalerts/TA07-334A.html

j

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Apple QuickTime Security Advisory
« Reply #1 on: November 30, 2007, 11:54:00 am »

Again....?

Didn't they just fix a JavaScript one (or something like that)?
Logged
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/

John Gateley

  • Citizen of the Universe
  • *****
  • Posts: 4957
  • Nice haircut
Re: Apple QuickTime Security Advisory
« Reply #2 on: November 30, 2007, 12:02:25 pm »

At a guess, I'd say Apple is becoming a more popular target. Perhaps Microsoft's effort to be more secure is paying off.
(one of my favorite principles: you don't have to run faster than that bear chasing you, you just have to run faster than your friend next to you)

j

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Apple QuickTime Security Advisory
« Reply #3 on: November 30, 2007, 12:21:24 pm »

At a guess, I'd say Apple is becoming a more popular target. Perhaps Microsoft's effort to be more secure is paying off.
(one of my favorite principles: you don't have to run faster than that bear chasing you, you just have to run faster than your friend next to you)

Yeah... They certainly have become much more high-profile over the past few years.  The near-ubiquity of iTunes+Quicktime makes it a huge, juicy target for both "evil doers" and "security researchers" alike. (How different are those two groups, short of a degree or two, really?)

Better computer market share (especially laptops -- I see MacBooks everywhere now) over the past year+ helps too.
Logged
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Apple QuickTime Security Advisory
« Reply #4 on: December 04, 2007, 08:35:28 pm »

More bad news on this...  Now Symantec says it is being actively exploited in the wild.

http://arstechnica.com/journals/apple.ars/2007/12/04/wide-open-quicktime-flaw-welcomes-new-attackers

Quote
It can be exploited under both Mac OS X and Windows and in most popular browsers (IE, Firefox, Opera, Safari). People are being attacked by being redirected from—you guessed it—an adult website to another that contains a malicious executable.
Logged
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/

John Gateley

  • Citizen of the Universe
  • *****
  • Posts: 4957
  • Nice haircut
Re: Apple QuickTime Security Advisory
« Reply #5 on: December 04, 2007, 09:06:58 pm »

Thanks for the update.... -- j
Pages: [1]   Go Up