QuickTime RTSP Vulnerability Proof-of-concept Surfaces || The Mac Observer

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
QuickTime RTSP Vulnerability Proof-of-concept Surfaces

QuickTime RTSP Vulnerability Proof-of-concept Surfaces

by , 4:50 PM EST, November 29th, 2007

A few days after a flaw was discovered in the QuickTime handling of the Real Time Streaming Protocol (RTSP), researchers have been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

"This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems," Symantec said. "This is the first working exploit for Apple systems that we have observed."

The appearance of a proof-of-concept exploit at the site milw0rm.com has be characterized as a "tripwire" by Symantec. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained how it might work along with some preventive measures.

Apple has not yet published a fix.

Observer Comments

Show: Subjects Only | Full Comments

Close Name:Guest
Thu Nov 29, 2007 7:02 pm Subject: baloney

"If the client is using Internet Explorer, the shell code is written to a heap area for later use."

"If QuickTime ActiveX controls in Internet Explorer and plug-ins in Firefox are disabled, the exploit will not work."

NOWHERE does this article say ANYTHING about Macs being affected.

Of course Symantec recommends: "Symantec antivirus products with the latest definitions will detect this threat as Trojan.Quimkids."

/cough

Reply | Quote

Close Name:j.martellaro - TMO Staff Posts: 97 Joined: 07 Dec 2006
Thu Nov 29, 2007 7:47 pm Subject: Mac vulnerability

From the original CW article, linked in the first paragraph...

"But even though analysts confirmed on Monday that Mac OS X versions of QuickTime 7.2 and later are also vulnerable, it took several more days for other researchers to craft a reliable exploit."

...

"According to the proof-of-concept, the Metasploit module works on Intel- and PowerPC-based Macs running either Mac OS X 10.4 (Tiger) or 10.5 (Leopard). It also executes on PCs running Windows XP SP2."

Reply | Quote

Close Name:Guest
Fri Nov 30, 2007 4:06 am Subject:

They say it can happen with OS X but yet there isn't a single description of HOW it can happen in OS X.

Reply | Quote

Close Name:daemon Posts: 344 Joined: 17 May 2007
Fri Nov 30, 2007 5:13 am Subject:

Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

Reply | Quote

Close Name:JulesLt Posts: 136 Joined: 06 Jul 2005
Fri Nov 30, 2007 9:11 am Subject: Dig Your Own Hole

Quote
daemon wrote:
Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

The same way that a car designed for safety can still have faults?? The Unix basis of OS X is fundamentally a better model than classic Mac OS, or Windows. Mac OS system 9 closed the gap considerably, as did XP SP2 and Vista on Windows, but neither of those systems had been designed as a secure networked system in the first place.

Which isn't to defend them in this case - Quicktime seems to be the single most insecure piece of software Apple have produced.

Reply | Quote

Close Name:Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Fri Nov 30, 2007 10:00 am Subject:

daemon is trolling again.

Reply | Quote

Close Name:Sir Harry Flashman Posts: 792 Joined: 08 Feb 2007
Fri Nov 30, 2007 10:56 am Subject: It doesn't work in Safari?

Am I reading the article at Symantic correctly that this exploit requires Explorer or FireFox? I didn't see where it affects Safari.

Reply | Quote

Comment on this Article

Guest Posts Visible. Hide Them.
Back to top Page 1 of 1

You cannot edit your comments. You cannot delete your comments.

Comments are currently closed. Please email the author instead.

Recent Headlines - Updated February 13th

Sat, 4:11 PM: MacOS KenDensed - MacOS KenDensed: iPad 3 Frenzy, Big-time Apple & Steve Jobs, G-Man
Fri, 8:10 PM: News - Apple Sues Motorola Mobility in California Over German Case
7:54 PM: Free on iTunes - OnLive Desktop: Windows & Office on Your iPad
7:43 PM: Product News - Apple Rolls Out MacBook Air Configurations for Education
6:35 PM: Just a Peek - Battle Pocket Bulge With The Hint for iPhone
6:01 PM: Rumor - Apple Reportedly Bringing MacBook Air Styling to Pro Line
4:50 PM: Particle Debris - The Hidden Gotchas of Browser Security
3:56 PM: Apple Stock Watch - Analyst: Paying a Dividend Makes Sense for Apple
2:58 PM: Deal Brothers - iMac 27-inch 2.93GHz Intel Quad-Core i7 processor: $1,999
2:45 PM: In-Depth Review - Theodolite App for iOS is Breathtaking
12:52 PM: Apple Stock Watch - Mizuho Securities Starts Apple Coverage with $635 Target
11:35 AM: Hot Forum Topic - Forum Poll: Are You Planning on Buying a New iPad?

The Mac Observer Reader Specials

TypeStyler 11 is now in the Mac App Store!! -- Special Introductory Price of $59.95!! -- To Buy From The Mac App Store Click Here Now!! Or buy direct from Strider Software.
Mac RAM Upgrades: MacBook Pro 16GB kits $475, 8GB Kits for $119.99! iMac 16GB RAM Kits (4x 4GB) for $229.99! Mac Pro Memory 32GB Kit for $399.99, 64GB Kit for $889.99! Mac Hard Drives 2TB Seagate SATA II for $249.99! Click Here!
If you're using a Mac, then you've gotta check out Online Poker Mac. This mac poker and online casino mac site actually does the unthinkable, it actually rewards!