iTWire - QuickTime RTSP vulnerability goes wild

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

QuickTime RTSP vulnerability goes wild

QuickTime RTSP vulnerability goes wild

E-mail

by Stephen Withers
Monday, 03 December 2007
The QuickTime RTSP vulnerability disclosed last week is now being exploited in the wild. Featured Whitepaper 5 Best Practices for Smartphone Support According to Symantec, "Our current analysis is also leading us to believe that there may be multiple attacks in existence. Further investigation is currently under way to confirm this." The confirmed attack uses an IFRAME to redirect browsers to the site hosting the malicious code. "Since a patch to correct the issue has yet to be released, we advise users to be cautious when browsing the web," said Joji Hamada, security response engineer at Symantec. In related news, an analysis performed by tech startup Subreption has found that the vulnerability can be exploited on Mac OS X as well as Windows. By determining the operating system and QuickTime version running on the target computer, a malicious server can deliver the appropriate exploit. Subreption says the lack of heap randomisation, the ability to execute stack memory on the PowerPC version of Mac OS X, and the ability to make stack memory executable on the Intel version all make it easier to exploit the flaw. Mac security vendor Intego has claimed that "any exploit that targets a Windows computer will also affect Macs." Apart from the relatively trivial case of an exploit intended only to crash QuickTime, this may not be true. While the vulnerability may be cross-platform, an exploit would need to be targeted to an operating system. That said, writing an exploit that takes advantage of a shared vulnerability to deliver system-specific payloads is an established technique. Tags See All Tags Apple Macintosh Malware Security Stephen Withers Web Windows Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking