Quicktime Hacked!!!
September 2008
Hacker posts QuickTime zero-day attack code. A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.’s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday. The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the ““ parameter in QuickTime, which is not prepared to handle excessively-long strings, said a researcher with Symantec Corp.’s DeepSight threat notification network. In its present form, the exploit triggers a QuickTime crash, but it may be more serious. “The exploit suggests that code execution may be possible,” the researcher added, “[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site.” The researcher had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs.
Hacker posts QuickTime zero-day attack code. A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.’s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday. The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the ““ parameter in QuickTime, which is not prepared to handle excessively-long strings, said a researcher with Symantec Corp.’s DeepSight threat notification network. In its present form, the exploit triggers a QuickTime crash, but it may be more serious. “The exploit suggests that code execution may be possible,” the researcher added, “[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site.” The researcher had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs.
posted by arkietechs at 6:22 AM
0 Comments:
Post a Comment
<< Home