Featured Article: TMO Visits The Bay, a Premium Apple Reseller in New Zealand
Windows QuickTime Zero-day Flaw Discovered
by , 9:40 AM EST, January 11th, 2008
A new security flaw in QuickTime 7.3.1 for Windows surfaced on Thursday that apparently lets an attacker take control of remote PCs. The vulnerability was discovered by Italian security researcher Luigi Auriemma who posted proof-of-concept code for the exploit on the Internet, according to InformationWeek.
The alleged flaw takes advantage of a buffer overflow bug that lets an attacker send malicious code when QuickTime attempts to access a Real-Time Streaming Protocol link and port 554 on the server is closed.
Symantec Security Response claimed that the flaw appears to be legit. The company's vice president of development, Alfred Huger, commented "The proof of concept code only managed to crash the product. But it's a safe assumption that if you can do that you may be able to execute remote code."
So far the flaw appears to impact only the Windows version of QuickTime, and to date there are no known instances of an actual attack based on the vulnerability. The likelihood that Windows users could see an actual attack based on Mr. Auriemma's sample code, however, is higher since he chose to publish his proof-of-concept before contacting Apple.
Observer Comments
Fri Jan 11, 2008 12:59 pm Subject: Although quite the bummer news...
Recent Headlines - Updated Saturday, November 29th, 2008
- Sat., 9:00 PM
- Podcast - Apple Weekly Report #135: Apple Lawsuits, Banned iPhone Ad, Green MacBook Ad
- Fri., 12:45 PM
- Podcast - Mac Geek Gab #178: Batch Permission Changes, Encrypting Follow-up, Re-Enabling AirPort, and GigE speeds
- Thu., 1:30 PM
- iPO Review - Scosche kickBACK iPhone case
- 7:00 AM
- Happy Thanksgiving from TMO!
- Wed., 6:00 PM
- TMO Appearances - Nancy Gravley Joins MacJury Gift Guide
- 5:15 PM
- TMO Visits The Bay, a Premium Apple Reseller in New Zealand
- 3:25 PM
- iPO Oh the Games You'll Play - iPhone: The Wii of Handheld Gaming Devices?
- 2:15 PM
- Sonnet Releases Simply Fast FireWire 800 to 400 Adapter
- 1:10 PM
- Mac Gaming News - Disney Plans 1st Annual PotC Online Thanksgiving Event
- 12:05 PM
- iPodObserver - UK Shuts Down iPhone 3G Ad
- 11:15 AM
- TMO Appearances - Jeff Gamet on MacJury Gift Guide
- 10:30 AM
- TMO Contest - TMO Announces Macworld Expo Pass Winners
- 9:50 AM
- PhotoCopy 1.1 Adds iPhoto Event Support
- 9:15 AM
- Acclivity Buys MYOB US
- 8:30 AM
- Review - Bento 2 Holiday Pack
- 7:50 AM
- Microsoft Offers Black Friday Office Discount
- 7:30 AM
- iPO Quick Tip - iPhone: Google Street View
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
New MacPro Memory 800Mhz With Apple Spec Heat Sink - 2GB $72 / 4GB $104 / 8GB $204. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: Mac Pro FB-DIMMs: 2Gig kit $95, 4Gig Kit $179, 8Gig Kit $355! MacBook 2Gig Kit $78, 4Gig Kit $149! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Marshmallow Popper Gun Shooter: $9.99 Delivered - Make the Yam Side Dish a Sporting Event 
OnSale's ThanksGiving Day/Black Friday Combo Sale - Turkey, Deals, and LeftOvers - The Holiday Trifecta! 
Fall Knuckle Deep into Dell Small Business's Black Friday Sale - Going on Now!!!!! 
File Your Nails Now - Overstock's Black Friday Sale is Coming! Get Great Gifts at Great Prices 
