Apple has been presented with yet another security headache by an independent researcher.
Krystian Kloskowski has posted a proof-of-concept exploit for a vulnerability in Apple's QuickTime multimedia software.
A researcher has posted proof-of-concept for a vulnerability in Apple's QuickTime
QuickTime flaw adds to Apple's woes
Exploit especially dangerous for Firefox users
vnunet.com, 27 Nov 2007
Advertisement
The researcher said that a successful attack could enable the remote execution of malicious code.
The exploit targets a flaw in the way QuickTime handles information for streaming media files.
Malformed data could be hidden within a streaming media file to trigger a buffer overflow error, which could allow the attacker to access the system with the privileges of the current user.
Even an unsuccessful attack could crash the QuickTime player, according to Kloskowski.
The exploit exists only as a proof-of-concept sample to verify the existence of the flaw. There have been no reports of any attacks targeting the vulnerability.
Many users will be comforted to know that their choice of browser could prevent the attack. Researchers at Symantec have found that Internet Explorer 6 and 7 do not allow the exploit to run.
The latest beta of Safari for Windows is also protected, but Mozilla's Firefox browser remains vulnerable to the attack.
"Firefox users are more susceptible because Firefox farms off the request directly to the QuickTime player as a separate process outside its control," wrote Symantec researcher Elia Florio in a company blog.
"As a result, the current version of the exploit works perfectly against Firefox if users have chosen QuickTime as the default player for multimedia formats."
Florio warned that attackers may adjust the exploit to work in other browsers, and advised users to adjust their firewalls to block outbound traffic from TCP 554 and avoid following untrusted links.
This latest vulnerability comes at a difficult time for Apple on the security front. Researchers blasted the company earlier this month for shortcomings in the firewall on the new MacOS X Leopard operating system.
Apple issued a fix, but a few days later researchers found that the company had left open a flaw in Leopard's Mail application that had been previously patched.
Meanwhile, a Trojan targeting Mac users has continued to flourish on fake codec sites.
Tags:
Further reading
Brits turned off by iPhone price
Clever gadget, but way too expensive
iPhone Road Test: Conclusion
The ups and downs of Apple's iPhone
Related whitepapers
Related jobs
Most read stories
Most commented stories
Most watched
Summit: How businesses should manage their brands online
In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies
Analysis and Reports
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Advertisement
White paper library
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Latest white papers
- The world of voice conferencing: A guide to creating the right environment
- The hidden financial and environmental costs of office printing
- Simplifying communications, serving citizens: unified communications in local government
- Storage choices for virtual server environments
- Global security threats trends - September 2009
Advertisement
Hiring now on ComputingCareers:
Advertisement
Spotlight
Comment: Information overload is a price worth paying if it helps the planet
Analyst Simon Perry argues that the data deluge doesn't have...
Advertisements
Secondary navigation
Do you agree?
Have your say on this article