QuickTime RTSP Vulnerability Proof-of-concept Surfaces || The Mac Observer

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
QuickTime RTSP Vulnerability Proof-of-concept Surfaces

QuickTime RTSP Vulnerability Proof-of-concept Surfaces

by , 4:50 PM EST, November 29th, 2007

A few days after a flaw was discovered in the QuickTime handling of the Real Time Streaming Protocol (RTSP), researchers have been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

"This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems," Symantec said. "This is the first working exploit for Apple systems that we have observed."

The appearance of a proof-of-concept exploit at the site milw0rm.com has be characterized as a "tripwire" by Symantec. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained how it might work along with some preventive measures.

Apple has not yet published a fix.

Observer Comments

Show: Subjects Only | Full Comments

Close Name:Guest
Thu Nov 29, 2007 7:02 pm Subject: baloney

"If the client is using Internet Explorer, the shell code is written to a heap area for later use."

"If QuickTime ActiveX controls in Internet Explorer and plug-ins in Firefox are disabled, the exploit will not work."

NOWHERE does this article say ANYTHING about Macs being affected.

Of course Symantec recommends: "Symantec antivirus products with the latest definitions will detect this threat as Trojan.Quimkids."

/cough

Reply | Quote

Close Name:j.martellaro - TMO Staff Posts: 97 Joined: 07 Dec 2006
Thu Nov 29, 2007 7:47 pm Subject: Mac vulnerability

From the original CW article, linked in the first paragraph...

"But even though analysts confirmed on Monday that Mac OS X versions of QuickTime 7.2 and later are also vulnerable, it took several more days for other researchers to craft a reliable exploit."

...

"According to the proof-of-concept, the Metasploit module works on Intel- and PowerPC-based Macs running either Mac OS X 10.4 (Tiger) or 10.5 (Leopard). It also executes on PCs running Windows XP SP2."

Reply | Quote

Close Name:Guest
Fri Nov 30, 2007 4:06 am Subject:

They say it can happen with OS X but yet there isn't a single description of HOW it can happen in OS X.

Reply | Quote

Close Name:daemon Posts: 344 Joined: 17 May 2007
Fri Nov 30, 2007 5:13 am Subject:

Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

Reply | Quote

Close Name:JulesLt Posts: 136 Joined: 06 Jul 2005
Fri Nov 30, 2007 9:11 am Subject: Dig Your Own Hole

Quote
daemon wrote:
Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

The same way that a car designed for safety can still have faults?? The Unix basis of OS X is fundamentally a better model than classic Mac OS, or Windows. Mac OS system 9 closed the gap considerably, as did XP SP2 and Vista on Windows, but neither of those systems had been designed as a secure networked system in the first place.

Which isn't to defend them in this case - Quicktime seems to be the single most insecure piece of software Apple have produced.

Reply | Quote

Close Name:Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Fri Nov 30, 2007 10:00 am Subject:

daemon is trolling again.

Reply | Quote

Close Name:Sir Harry Flashman Posts: 792 Joined: 08 Feb 2007
Fri Nov 30, 2007 10:56 am Subject: It doesn't work in Safari?

Am I reading the article at Symantic correctly that this exploit requires Explorer or FireFox? I didn't see where it affects Safari.

Reply | Quote

Comment on this Article

Guest Posts Visible. Hide Them.
Back to top Page 1 of 1

You cannot edit your comments. You cannot delete your comments.

Comments are currently closed. Please email the author instead.

Recent Headlines - Updated March 21st

Fri, 5:55 PM: Games - Namco Releases Match-Three Game Tinseltown Dreams to the App Store
5:16 PM: News - iPad Launch Day Deadline for Developers: March 27
5:11 PM: News - Steve Jobs Helps Promote Organ Donor Legislation
4:06 PM: iPad - VIVmag Shows Off Interactive iPad Version in the Works
3:07 PM: App Store - Microsoft Yanks Bing App From Foreign App Stores
2:05 PM: iObserver - Analysts Downgrade Troubled Palm Amid Severe Revenue Drop
1:35 PM: In-Depth Review - PhoneSuite MiLi Packs a Powerful Punch
1:11 PM: News - YouTube to Viacom: Sue Yourself
11:34 AM: Product News - PocketMac for BlackBerry 5 Improves Snow Leopard Support
10:59 AM: News - Apple iGroups Patent Hints at Social Networking Plans
10:20 AM: Hot Forum Topic - Reader Discussion: Who Will Buy Palm?
9:50 AM: News - Bharti Airtel Lands India iPhone 3GS Deal

The Mac Observer Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
Mac Memory and Hard Drives: MacBook Pro Memory 8GB kits $349.99! iMac Memory 4GB DDR Kits for $109.99! Mac Pro Memory 4GB Kits for $135.99! Mac Hard Drives 1.5TB Seagate SATA II for $147.99! Click Here!
CarMD Handheld Device & Mac/PC Software System saves you time and money on car maintenance and repair. Buy at www.CarMD.com! Save $10 with code TMO2.
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.