  • Macs and PCs Vulnerable to QuickTime Hack

    By NewsFactor Network | January 3, 2007

    A vulnerability identified as part of the Month of Apple Bugs project is making its way around the Internet today — at least in dozens of press reports highlighting it, if not on users’ machines.

    The bug, a flaw in Apple’s QuickTime movie player, reportedly lets hackers exploit QuickTime’s Real Time Streaming (RTS) protocol to cause a buffer overflow. A buffer overflow occurs when a program, such as QuickTime, attempts to store more data than fits in the space allotted for it; the excess overwrites adjacent memory, which can give hackers complete control over a computer.

    The QuickTime flaw can be triggered through HTML, JavaScript, and QuickTime files, making its vector — that is, the method through which the flaw is exploited — a common one indeed. It also affects all versions of QuickTime, including the most recent, 7.1.3, on both Macs and Windows machines.


    Security firm Secunia has rated the flaw “highly critical.” To avoid it, users can uninstall QuickTime or disable RTS.



    Month Ahead

    The QuickTime flaw was publicized as part of the Month of Apple Bugs project, a joint effort of Kevin Finisterre, a self-taught security entrepreneur, and a hacker known only as LMH.


    The Month of Apple Bugs project follows the Month of Browser Bugs and Month of Kernel Bugs, both of which sought to highlight common hacks and other problems by releasing the details of one vulnerability a day over the course of a full month.

    Unlike Microsoft, which bears a Windows-sized target on its back by dint of its global reach and, in hacker circles, its poor reputation for security, Apple is not often the target of hackers’ mischief. But Finisterre and LMH want Apple users to know they’re not perfectly safe, either — to counteract a common misconception among Apple fans.


    Flaws Exist


    “Flaws exist, with and without people disclosing…
