Apple’s QuickTime Flaw Exposes XP & Vista to Hackers

Symantec cautions that exploit code for an unpatched flaw in Apple's QuickTime software has been made public, and maintains that attacks against computers running Vista and Windows XP are to be expected before long.

The exploit was released on November 25, 2007, soon after the public disclosure of the still-unpatched buffer overflow flaw, known as the QuickTime RTSP (Real Time Streaming Protocol) Response Header vulnerability.

Symantec also reports that the exploit might be used against users of the recent version of QuickTime, 7.3, who are duped into opening malicious messages on attacker-operated sites.

The same attack merely crashes the browser plug-ins of QuickTime users. Attacks through e-mail attachments carrying malicious XML code that directs the user to malicious computers are also expected. This type of attack requires the user to double-click the malicious QuickTime multimedia attachment for it to execute.

Both attacks depend on initiating an RTSP connection on port 554, which results in the transfer of malware. Symantec reports that Internet Explorer 6 and 7 (plus Safari 3) stop the attack, but relying solely on this as protection may be risky. According to Symantec, attackers might refine the exploit in future to overcome its teething problems and produce a reliable exploit that works against Internet Explorer.
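A defensive check for the failure mode described above, as an added example that is not part of the original article or of any Symantec or Apple tooling: it parses a captured RTSP response and reports header lines whose value is abnormally long. The 256-byte limit, the `X-Sample` header name and both sample responses are assumptions constructed for illustration; the article does not say which header is affected.

```python
# Added example: flag RTSP responses that carry abnormally long header values.
MAX_HEADER_VALUE = 256  # assumed policy limit, not a figure from the article


def parse_rtsp_response(raw: bytes):
    """Split an RTSP response into (status_line, [(name, value), ...])."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    if not status.startswith("RTSP/"):
        raise ValueError("not an RTSP response")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            # Malformed line with no colon: keep it so its length is still checked.
            headers.append(("", line.decode("latin-1")))
            continue
        headers.append((name.decode("latin-1").strip(),
                        value.decode("latin-1").strip()))
    return status, headers


def oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE):
    """Return [(header_name, value_length)] for values longer than limit."""
    _, headers = parse_rtsp_response(raw)
    return [(name, len(value)) for name, value in headers if len(value) > limit]


# Constructed sample: an ordinary RTSP reply.
BENIGN = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
          b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")

# Constructed sample: a reply with one implausibly long header value.
SUSPICIOUS = b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nX-Sample: " + b"A" * 1000 + b"\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, oversized_headers(sample))
```

The same length test can be applied at a proxy or IDS to responses arriving from port 554, alongside blocking outbound RTSP where it is not needed.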

According to a Computerworld report of November 25, 2007, Symantec gave full credit to the Polish researcher Krystian Kloskowski for being the first to report the zero-day flaw, on the milw0rm.com site on November 23, 2007. Kloskowski and another anonymous researcher known as "InTeL" improved on it by November 24, 2007 with their own proof-of-concept code (zero-day exploits) that worked on Windows XP SP2 and Vista computers running QuickTime 7.2 or 7.3.

A successful exploit would allow the attacker to install additional malicious code, a spambot or spyware, or to harvest the computer for data such as passwords.

Apple fixed QuickTime about three weeks ago, in November 2007, with version 7.3, which it issued to patch many dangerous image-rendering and Java-related flaws. So far in 2007, Apple has released six QuickTime security updates that have patched a total of 31 bugs.

Related article: Apple Patches QuickTime 13 Month Old Flaw

» SPAMfighter News - 12/6/2007
