The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
QuickTime RTSP Vulnerability Proof-of-concept Surfaces

QuickTime RTSP Vulnerability Proof-of-concept Surfaces

by , 4:50 PM EST, November 29th, 2007

A few days after a flaw was discovered in the QuickTime handling of the Real Time Streaming Protocol (RTSP), researchers have been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

"This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems," Symantec said. "This is the first working exploit for Apple systems that we have observed."

The appearance of a proof-of-concept exploit at the site milw0rm.com has be characterized as a "tripwire" by Symantec. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained how it might work along with some preventive measures.

Apple has not yet published a fix.

Recent TMO Headlines - Updated August 28th

Sat, 1:34 AM
Tim Cook Pivots to Play Active Role in Shaping Apple Narrative
Fri, 8:35 PM
WhatsApp's New Privacy Policy is a Big Trust Killer
Fri, 3:35 PM
Soundjump Bluetooth Speaker Has Built-In Portable Charger: $104.99
Fri, 3:21 PM
How to Opt Out of WhatsApp's Facebook Data Sharing
Fri, 1:29 PM
Get Your 80s Synth on with the Stranger Things Soundtrack on Apple Music
Fri, 12:43 PM
The iPad Pro 9.7-inch Keyboard Case for Road Warriors
Fri, 11:00 AM
TMO Daily Observations 2016-08-26: Interview with Fling's Dave Hamilton
Fri, 10:00 AM
Seeing a Folder's Size in the Terminal
Thu, 7:20 PM
The Battery That's Lasted 176 Years
Thu, 6:32 PM
Enough with iPhone Headphone Jack Kvetching
Thu, 6:30 PM
How to Enable Apple Watch Screenshots in watchOS 3
Thu, 6:11 PM
Apple Patches Critical Zero-Day Data Security Exploit in iOS 9.3.5 Update
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!