QuickTime critical vunerability

Gary · Nov 26, 2007, 18:10:34

Quote from Secunia "A vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing RTSP replies and can be exploited to cause a stack-based buffer overflow via a specially crafted RTSP reply containing an overly long "Content-Type" header.

Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

The vulnerability is confirmed in version 7.3. Other versions may also be affected.

NOTE: A working exploit is publicly available.

Solution:
Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files"

Rik · Nov 26, 2007, 18:13:04

Again...

Thanks, Gary.

Gary · Nov 26, 2007, 18:14:34

I know, and you said last time it updated what bugs will this version bring

Rik · Nov 26, 2007, 18:18:48

Apple just don't seem to be able to get to grips. Ever since they updated the software for Vista, there seems to have been a rash of fixes. Not good.

Gary · Nov 26, 2007, 18:24:03

I agree and now with an exploit in the wild that's bad news for us all, hopefully they will patch it quickly , what with that and FF this week its all go, thing is its not great for the casual browser who has no idea that there is even a vulnerability or where to look to find out such information,

Rik · Nov 26, 2007, 18:24:54

Indeed not, Gary - they need greater protection from the software houses.

Gary · Nov 26, 2007, 18:28:35

Back to that dumb terminal dare I say it, software rather than the OS is more the target these days than ever before, even XP is better than it used to be so hackers have got Vista which is a tough cookie XP and thats quite tight now, so its the plugins other programs and even the Antivirus software itself they go for

Rik · Nov 26, 2007, 18:31:21

Life was easier when you only got a virus if you put an unknown floppy in your machine.

Gary · Nov 26, 2007, 19:41:10

Quote from: Rik on Nov 26, 2007, 18:31:21
Life was easier when you only got a virus if you put an unknown floppy in your machine.

Depends how drunk you were Rik *ahem*

Lance · Nov 26, 2007, 22:38:10

Thanks for the warning, Gary. I'm getting fed up with the constant Apple updates really, just wish they could sort their programs out!

Gary · Nov 27, 2007, 06:08:17

I so agree Lance

Gary · Nov 27, 2007, 06:54:43

For now I have blocked all all tcp and udp activity for Quicktime 7.3 in my firewall to help mitigate the issue, hope its patched soon its a nasty vulnerability