Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Year’s first QuickTime vulnerability discovered

An Italian researcher has identified a flaw in Apple's QuickTime media application that can allow an attacker to perform a DoS attack or take control of an affected PC.

The issue is caused by a buffer overflow error when processing RTSP response messages and displaying the “Reason-Phrase.” Researcher Luigi Auriemma, the flaw's discoverer, confirmed to today that it can be exploited for remote code execution.

The flaw affects QuickTime on Windows operating systems, but not Mac, according to Auriemma. No patch is available for the flaw.

Secunia, a Cophenhagen-based vulnerability monitoring organization, noted that successful exploitation can take place when a user opens a specially crafted QTL file or visits a malicious website. The flaw, ranked “highly critical,” meaning that it is a zero-day flaw but no exploit has been reported in the wild, exists in QuickTime version

FrSIRT, the French Security Incident Response Team, today ranked the flaw “critical,” meaning that it can be exploited from a remote location.

US-CERT also warned end-users about the flaw on Thursday, providing a number of workarounds and advising users to avoid links including URL encoding, IP address variations, long URLs and intentional misspellings.

Amol Sarwate, director of Qualys' vulnerability research lab, told today that an attack exploiting this flaw would target end-users who are not considered computer-savvy.

“I think a lot of it has to do with the popularity of QuickTime. When Internet Explorer was the browser king, many of the [disclosed] vulnerabilities were in Internet Explorer,” he said. “And it is operating system independent – you have QuickTime plug-ins for Windows and Mac – that's the reason it's being targeted.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.