QuickTime Vulnerability Capable of Hijacking Macs & PCs
An American security investigator has issued a particular sample of code that can infect both computers and Macs operating Apple's QuickTime player remotely.
The attack code is the fourth in succession to aim the recently found security vulnerability in the manner in which QuickTime interfaces with computers that play audio and video files. So far, the exploit codes could attack computers operating Windows Operating System (OS), but according to investigator Lorenzo Hernandez (alias Larry), his exploit can also aim Leopard and Tiger editions of OS X operating on both Intel-made processors or earlier computers that used the PowerPC chip, as reported by The Register on November 29, 2007.
The sole purpose was to furnish a very instructive exploit, said Larry. They were attempting to reveal and explain exploitation methods for OS X.
The information arrived a few days after a flaw in the running of QuickTime's Real Time Streaming Protocol (RTSP), an (application level) audio/video-streaming protocol, was exposed on the milw0rm.com site. Proof-of-concept code (zero-day exploit) that interfered with Windows Vista and Windows XP SP2 came after sometime.
However, though experts on November 26, 2007 reasserted that Mac OS X variants of QuickTime 7.2 and Leopard were unprotected, it was only after some days that other investigators could create a dependable exploit.
The exploit that is available here initially examines the inside of an end-user's computer to ascertain the type of OS it is executing. After that, it lets loose the actual data that is adapted to the particular OS. For the exploit to succeed, a hacker would have to dupe a user into opening a baited link, or file.
On November 29, 2007, Symantec alerted its DeepSight Analyzer service clients that a Metasploit exploit module had been issued. This exploit can remotely bring about exploit code execution via QuickTime's RTSP protocol flaw present on Macs and Microsoft Windows, Symantec reported in its cautionary. This is perhaps the earliest seen successful exploit for Apple computers.
Symantec recommended its clients to disenable Apple QuickTime's RTSP protocol handler and screen the outgoing data through the ordinary (not the only accessible) port utilized by RTSP, in addition to TCP port 554 and UDP ports 6970-6999.
Related article: QuickTime Flaw Poses Risk to Mac & Windows Systems
» SPAMfighter News - 11-12-2007