Application security, Incident Response, Malware, Patch/Configuration Management, TDR, Vulnerability Management

In-the-wild exploits target Apple QuickTime flaw; proof-of-concept malware aims at Second Life

Researchers have spotted two active attacks and a new proof-of-concept (PoC) exploit that take advantage of a still unpatched vulnerability in Apple QuickTime.

Of the three, the PoC is particularly notable because it targets users of the popular virtual world Second Life, experts said today.

Symantec Security Response senior research manager Ben Greenbaum said the attack has been set up to steal 12 Linden dollars, the online currency in Second Life which is convertible to U.S. dollars at various online sites.

"The PoC is meant to show that Second Life is a real potential attack vector," Greenbaum said, adding that five percent of the top 50 malicious codes now target online gaming sites.

A spokesperson for Second Life, in a blog post, advised users to disable QuickTime capabilities in their Second Life viewer when visiting untrusted parts of the virtual world.

"We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know many of you enjoy these," the post said. "We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust and are familiar with."

Meanwhile, Greenbaum said researchers also are tracking two in-the-wild exploits that can occur when the latest version of QuickTime processes real-time streaming protocol (RTSP) responses. This can give rise to a stack-based buffer overflow.

The attacks begin with IFRAME code embedded on a pornographic website, according to Symantec. This causes the browser to make a hidden request to another URL, which serves the exploit and installs the trojan downloader on a user's machine.

An Apple spokeswoman did not respond to a request for comment. So far this year, the Cupertino, Calif.-based company has released four new versions of the media player.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.