Vulnerability Discovered in Apple QuickTime

1 Comment

The “Month of Apple Bugs” project is pretty much what it sounds like — a month devoted to finding, proving and publishing the details of exploits in Apple hardware and software. Any coincidence that it’s scheduled for the same month as MacWorld can be chalked up to ironic humor on the part of cheeky hackers.

So far, the biggest story has been the discovery of a buffer-overflow vulnerability that can affect Windows and Macintosh machines running QuickTime 7.1.3. All the attacker has to do is send a bogus call to a the RTSP (Real Time Streaming Protocol) URL handler via HTML, JavaScript or through a QuickTime QTL file.

How can you defend yourself? According to LMH and Kevin Finisterre who discovered the vulnerability, “The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage.”

1 Comment

Comments are closed.