QuickTime RTSP vulnerability goes wild
by Stephen Withers   
Monday, 03 December 2007
The QuickTime RTSP vulnerability disclosed last week is now being exploited in the wild.
According to Symantec, "Our current analysis is also leading us to believe that there may be multiple attacks in existence. Further investigation is currently under way to confirm this."

The confirmed attack uses an IFRAME to redirect browsers to the site hosting the malicious code.

"Since a patch to correct the issue has yet to be released, we advise users to be cautious when browsing the web," said Joji Hamada, security response engineer at Symantec.

In related news, an analysis performed by tech startup Subreption has found that the vulnerability can be exploited on Mac OS X as well as Windows. By determining the operating system and QuickTime version running on the target computer, a malicious server can deliver the appropriate exploit.

Subreption says the lack of heap randomisation, the ability to execute stack memory on the PowerPC version of Mac OS X, and the ability to make stack memory executable on the Intel version all make it easier to exploit the flaw.

Mac security vendor Intego has claimed that "any exploit that targets a Windows computer will also affect Macs." Apart from the relatively trivial case of an exploit intended only to crash QuickTime, this may not be true. While the vulnerability may be cross-platform, an exploit would need to be targeted to an operating system. That said, writing an exploit that takes advantage of a shared vulnerability to deliver system-specific payloads is an established technique.
