Forum latest

QuickTime QuickSand?
General
Written by Daniel   
Wednesday, 03 January 2007 07:44
"MOAB" ( "Month ofApple Bugs")  is a group seeking to release each mouths reported bugs,... there's some contravercy concerning using this method although it was well recived as MOBB. ("Month of Browser bugs.")

DarkReading
Apple Bug Bites OS X, Windows


JANUARY 2, 2007 | The Month of Apple Bugs (MOAB) kicked off this week with a new and potentially critical bug in Apple's popular QuickTime application that affects both Mac OS X and Windows users. (See An Apple (Bug) a Day.)

LMH, who heads up the MOAB research project, released an OS X-based exploit for the bug and says he may also unleash one for Windows. The vulnerability in QuickTime's URL handler lets an attacker execute a stack-based buffer overflow, which would then allow them to run arbitrary code on the victim's machine. And when combined with another flaw, the attacker can "own" the machine, according to LMH.

Meanwhile, researcher HD Moore says a Metasploit contributor has built a Metasploit 3 module for the Windows version of the exploit. "Just about everyone has to install QuickTime at some point, and since the bug applies to the Windows version as well, it's just as critical as an Office or browser bug."

The QuickTime vulnerability is trivial to exploit, says David Maynor, CTO of Errata Security. "This is one of the most dangerous bugs in Apple I have ever seen. The debate about if this bug is real and exploitable has pretty much been made null and void by the exploit being released," he says. "Apple users should worry a lot."

Much more to read @ DarkReading
Discuss this in the forums!

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either