Security analysts warn of QuickTime exploit

Security analysts warn of QuickTime exploit
Security analysts are warning that a bug in Apple's QuickTime threatens to allow hackers to install malware on computers running Windows XP or Vista or even get a list of passwords from the target computer.

According to Symantec analyst Anthony Roe, the flaw is more easily exploited in Vista than it would be under normal circumstances because Apple developers failed to take advantage of a Vista feature called Address Space Layout Randomization (ASLR). ASLR allows Windows Vista to load binaries (like quicktime) into memory in random locations, making it harder for an attacker to identify a particualar piece of code among all the other data stored in memory.



Another Symantec researcher, Patrick Jungles, added that QuickTime vulnerabilities usually draw attackers quickly. "In the past, we have seen a very short period of time between the release of proof-of-concept exploits for QuickTime vulnerabilities and the development of working exploits by attackers," said Jungles in a note to customers of his company's DeepSight threat network. "Popular applications such as QuickTime are strong candidates for exploitation in the wild."

Source: Computerworld

Written by: Rich Fiscus @ 25 Nov 2007 18:41
Advertisement - News comments available below the ad
  • 12 comments

  • furchtlos

    better be careful then.

    25.11.2007 20:48 #1

  • duckNrun

    $10 says that the fanboys will be saying this is a MS issue and St Jobs' code is as pure as snow and can't be faulted

    25.11.2007 20:58 #2

  • mediabob

    its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny

    25.11.2007 23:10 #3

  • duckNrun

    Originally posted by mediabob: its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funnylol

    I use what I use because I use it, which btw is XP. I have looked at and considered Linux on my next PC for all my 'on the web' usuage for security and whatnot. Of course I would still be windows native for my gaming.

    That being said I have never had a problem with XP being malware or virus infested. The few times I did catch something was due to my own actions while I was 'off roading' on the net.

    If I could grab a copy of Tiger or Leopard or whatever it is now I would gladly give it a spin and if I liked it I would probably keep it. I'm just not willing to 'upgrade' my system to the Jobs Mob

    26.11.2007 03:01 #4

  • ali2007

    i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

    highly recommened people to use it

    26.11.2007 06:42 #5

  • ali2007

    i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

    highly recommened people to use it

    26.11.2007 06:46 #6

  • xSModder

    Does anybody really even use Quicktime anymore?
    I mean, come on guys, Windows 98 is not gonna cut it forever.

    26.11.2007 10:44 #7

  • emugamer

    Originally posted by xSModder: Does anybody really even use Quicktime anymore?
    I mean, come on guys, Windows 98 is not gonna cut it forever.    Yes, there are current XP apps that require the user to install the latest Quicktime. The Total Training series for example. I use their Advanced Photoshop and Illustrator training. That's just 1 example. I'm sure other members can think of a few more.

    26.11.2007 11:46 #8

  • xSModder

    You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

    Do people really get Quicktime PRO?
    I mean, why bother spending even 5 dollars, let alone a 1 minute download?
    It's just dumb in my opinion.
    And for the programs that require this ungodly add-on...I think it's time they make the switch.

    26.11.2007 13:09 #9

  • emugamer

    Originally posted by xSModder: You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

    Do people really get Quicktime PRO?
    I mean, why bother spending even 5 dollars, let alone a 1 minute download?
    It's just dumb in my opinion.
    And for the programs that require this ungodly add-on...I think it's time they make the switch.    Yeah, I wish Total Training would use something else. I wouldn't pay for Quicktime as a standalone app. It's unfortunate that I have it on my PC. But I haven't found any training series as good as theirs.

    27.11.2007 06:31 #10

  • Mez

    A news flash for xSModder...

    If you have iTunes installed on your PC you have QT running. Because QT is a memory hog and takes so long to load, Apple loads QT at startup! That is Apples solution to crappy software. Apple doesn't care if you never use it or can't use it becase your iPod can not play videos. They figure you are too stupid to figure it out where your memory got to. I guess it works for 99.9% of the population.

    30.11.2007 07:29 #11

  • borhan9

    Well would it not be better to get rid of the software all together if this is the case every couple of months or every year wats going on.

    20.12.2007 06:30 #12

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud