Zero-day QuickTime flaw in the wild
By Miya Knights,
A zero-day flaw identified in Apple's QuickTime media player could soon be the subject of in-the-wild attacks looking to target users running Microsoft Windows XP and Vista operating systems (OSs).
The bug, rated critical by security researcher Symantec, is known to affect QuickTime versions 7.2 and 7.3 (although it was not yet known if earlier versions are also affected), in addition to the player's handling of Real Time streaming protocol (RTSP) of audio and video files running on the Windows OSs.
But it had not been established whether Apple OS X versions of QuickTime also carried the flaw.
Symantec and the a href="http://www.us-cert.gov" target="_blank">US Computer Emergency Readiness Team (US-CERT) have issued alerts on the flaw, which say hackers can exploit it by writing streaming content designed to get unwary users to visit compromised or malicious sites or by getting them to click on a malicious link to a file with some extension read by default in QuickTime (e.g. .qtl, .mov or .gsm) sent in an email.
Successful exploits could allow hackers to install additional malware on the user's computer to make it part of a botnet or harvest passwords using spyware.
A Polish researcher, Krystian Kloskowski was credited by Symantec for first spotting the flaw, which was posted on the milw0rm.com website last Friday. Over the weekend another researcher, known as 'InTEL' had posted proof-of-concept examples of the vulnerability running QuickTime 7.2 or 7.4 on Windows XP with service pack 2 (SP2) and Vista systems.
Symantec also said in its security alerts blog that Firefox users are more susceptible to this attack because Firefox farms off the QuickTime or RTSP request directly to the QuickTime Player as a separate process outside of its control. As a result, it said "the current version of the exploit works perfectly against Firefox if users have chosen QuickTime as the default player for multimedia formats."
There is no known patch for the vulnerability at this time, but users have been advised to restrict outbound connections on TCP 554 and avoid links to untrusted websites.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- IBM bans use of Siri on iPhones
- Apple iPad 3 vs iPad 2 head-to-head review
- Lenovo ThinkPad X1 Carbon Ultrabook review : First look
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- Google: Government controls are the internet's biggest threat
- Macs and Android under malware threat
- Sony Vaio T13 Ultrabook review: First look
- RIM loses its head of sales
- ARM-based Windows 8 tablets facing delays
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
