
SANS ISC: Apple QuickTime potential vulnerability/backdoor - Internet Security | DShield SANS ISC InfoSec Forums


Apple QuickTime potential vulnerability/backdoor

A vulnerability/backdoor in Apple QuickTime has been announced, and we are keeping an eye on it.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
Could this be mitigated with SlayOCX? If so, what is the CLSID?
ComputerX

6 Posts
- http://www.symantec.com/security_response/threatconlearn.jsp
Aug. 31, 2010 - "... Users may wish to disable the QuickTime plugin until a patch is available; this can be achieved by setting the killbit for the affected control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) -or- renaming the plugin (QTPlugin.OCX)..."

- http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
30 August 2010 - "... exploit... works only against those who have Microsoft's Windows Live Messenger installed..."
.
Jack

160 Posts
From the above-mentioned Register article:

"While the exploit posted by Santamarta works only against those who have Microsoft's Windows Live Messenger installed, the researcher told The Reg that components that ship by default with QuickTime can be used to pull off the same ROP sleight of hand. Files called QuickTimeAuthoring.qtx and QuickTime.qts are two possibilities."

"Indeed, programmers with the open-source Metasploit project used by penetration testers and other hackers are in the process of building an attack module that does just that."

The exploit posted by Santamarta uses Windows Live Messenger because its DLLs don't use ASLR and DEP so the exploit has an easier time. But the underlying vulnerability and the approach used by Santamarta can take advantage of any DLL that doesn't use ASLR and DEP, and there are a lot of them on the typical system.
Anonymous
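The post above turns on which loaded modules have not opted into ASLR and DEP. As an added example (not part of the original thread), the following Python audit reads the `DllCharacteristics` field of PE files and reports the two link-time opt-in flags; the function names `pe_mitigations`, `make_sample` and `audit` are hypothetical, and the sample header is constructed.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)

def pe_mitigations(data):
    """Return {'aslr': bool, 'dep': bool} for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt = pe_off + 4 + 20                               # signature + COFF header
    if len(data) < opt + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}

def make_sample(flags, magic=0x10B):
    """Constructed minimal header (not a loadable DLL) used for demonstration."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # PE header follows DOS header
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)

def audit(paths):
    """Map each readable PE path to its flags; unreadable or non-PE files are skipped."""
    report = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                report[path] = pe_mitigations(fh.read())
        except (OSError, ValueError):
            continue
    return report

if __name__ == "__main__":
    # Usage: python audit.py path\to\a.dll path\to\b.dll ...
    for path, m in audit(sys.argv[1:]).items():
        if not (m["aslr"] and m["dep"]):
            print(f"{path}: ASLR={m['aslr']} DEP={m['dep']}")
```

For a DLL, the ASLR flag is the one that decides whether the module loads at a predictable address; the DEP flag matters mainly on the process's main executable.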
>> http://support.apple.com/kb/HT4339
QuickTime 7.6.8 released - September 15, 2010
___
Jack

160 Posts
