QuickTime RTSP Vulnerability Proof-of-concept Surfaces || The Mac Observer

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
QuickTime RTSP Vulnerability Proof-of-concept Surfaces

QuickTime RTSP Vulnerability Proof-of-concept Surfaces

by , 4:50 PM EST, November 29th, 2007

A few days after a flaw was discovered in the QuickTime handling of the Real Time Streaming Protocol (RTSP), researchers have been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

"This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems," Symantec said. "This is the first working exploit for Apple systems that we have observed."

The appearance of a proof-of-concept exploit at the site milw0rm.com has be characterized as a "tripwire" by Symantec. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained how it might work along with some preventive measures.

Apple has not yet published a fix.

Observer Comments

Show: Subjects Only | Full Comments

Close Name:Guest
Thu Nov 29, 2007 7:02 pm Subject: baloney

"If the client is using Internet Explorer, the shell code is written to a heap area for later use."

"If QuickTime ActiveX controls in Internet Explorer and plug-ins in Firefox are disabled, the exploit will not work."

NOWHERE does this article say ANYTHING about Macs being affected.

Of course Symantec recommends: "Symantec antivirus products with the latest definitions will detect this threat as Trojan.Quimkids."

/cough

Reply | Quote

Close Name:j.martellaro - TMO Staff Posts: 97 Joined: 07 Dec 2006
Thu Nov 29, 2007 7:47 pm Subject: Mac vulnerability

From the original CW article, linked in the first paragraph...

"But even though analysts confirmed on Monday that Mac OS X versions of QuickTime 7.2 and later are also vulnerable, it took several more days for other researchers to craft a reliable exploit."

...

"According to the proof-of-concept, the Metasploit module works on Intel- and PowerPC-based Macs running either Mac OS X 10.4 (Tiger) or 10.5 (Leopard). It also executes on PCs running Windows XP SP2."

Reply | Quote

Close Name:Guest
Fri Nov 30, 2007 4:06 am Subject:

They say it can happen with OS X but yet there isn't a single description of HOW it can happen in OS X.

Reply | Quote

Close Name:daemon Posts: 344 Joined: 17 May 2007
Fri Nov 30, 2007 5:13 am Subject:

Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

Reply | Quote

Close Name:JulesLt Posts: 136 Joined: 06 Jul 2005
Fri Nov 30, 2007 9:11 am Subject: Dig Your Own Hole

Quote
daemon wrote:
Another Apple security hole. Where exactly does the "designed for security from the ground up" come into play with Apple's software?

The same way that a car designed for safety can still have faults?? The Unix basis of OS X is fundamentally a better model than classic Mac OS, or Windows. Mac OS system 9 closed the gap considerably, as did XP SP2 and Vista on Windows, but neither of those systems had been designed as a secure networked system in the first place.

Which isn't to defend them in this case - Quicktime seems to be the single most insecure piece of software Apple have produced.

Reply | Quote

Close Name:Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Fri Nov 30, 2007 10:00 am Subject:

daemon is trolling again.

Reply | Quote

Close Name:Sir Harry Flashman Posts: 792 Joined: 08 Feb 2007
Fri Nov 30, 2007 10:56 am Subject: It doesn't work in Safari?

Am I reading the article at Symantic correctly that this exploit requires Explorer or FireFox? I didn't see where it affects Safari.

Reply | Quote

Comment on this Article

Guest Posts Visible. Hide Them.
Back to top Page 1 of 1

You cannot edit your comments. You cannot delete your comments.

Comments are currently closed. Please email the author instead.

Recent Headlines - Updated November 21st

Fri, 7:07 PM: Games - Soccer Sim Championship Manager 2010 Released for Mac
6:47 PM: Games - EA Publishes Original Monopoly for iPhone
6:15 PM: News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
6:11 PM: Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
5:47 PM: Games - Star Trek D-A-C Game Headed to the Mac Next Month
4:57 PM: Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
4:26 PM: John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
2:59 PM: Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
1:50 PM: Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor: $139.99
11:24 AM: TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
10:43 AM: Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
10:06 AM: News - Hack Enables Mac OS X 10.6.2 on Netbooks

The Mac Observer Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
OWC: We Make DIY Upgrading Easy! Maximize your Apple MacBook / MacBook Pro. Up to 8.0GB Memory, up to 1.0TB HD & More. Easy Guide + Free, Detailed Installation Videos. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.