
Another zero-day exploit for QuickTime

US-CERT and Information Week are reporting a new vulnerability in QuickTime's handling of RTSP streams, which has been demonstrated to crash QuickTime Player on Windows and may also affect the Mac version. See the writeup by researcher Luigi Auriemma, who first announced the flaw.

Unlike the RTSP bug patched in QuickTime 7.3.1 last month, this vector works by overflowing the buffer that holds an HTTP error message, which the malicious server sends when its RTSP port 554 is closed and the QuickTime client tries to switch to port 80. Sneaky.

Since we're almost certain to see iTunes 7.6 and possibly QuickTime 7.3.2 at Macworld anyway, expect another rev of QuickTime to close this hole after those versions ship -- since Apple wasn't notified in advance of this hole, it's unlikely to be caught in the pending updates, as commenter Nicholas points out (unless Apple found the vector independently).


7 Comments

Jeff

I don't think this qualifies as a zero-day exploit. It certainly was unknown before, but there is no "exploit." A 0-day exploit is when malicious code is spotted in the wild that takes advantage of a previously unknown flaw. If researchers are announcing this and there is no malicious code in the wild, it's not an exploit (and, hence, not a 0-day exploit). So let's not get all crazy....

January 11 2008 at 4:37 PM
Dave

Possible vector for any type of attack? Virus? Takeover of my computer? Someone please decode this for the _rest_of_us_.

Thanks!
Dave

January 11 2008 at 4:21 PM
Justin

hmm.. possible vector for iPhone 1.1.3 entry?

January 11 2008 at 12:57 PM
1 reply to Justin's comment
Luigi193

hmm.. possible vector for iPhone 1.1.3 entry?

January 11 2008 at 2:16 PM
Nicholas Ptacek

The Information Week article points out that Apple was not notified ahead of time about this exploit. Also it should be noted that a zero-day exploit usually refers to an exploit previously unknown to the product developer. That said, don't expect that the new versions of iTunes and QuickTime to be (potentially) released at Macworld will patch this issue.

January 11 2008 at 12:49 PM
1 reply to Nicholas Ptacek's comment
Michael Rose

Sorry, I missed a couple of words in the last graf -- meant to imply that the fix will be AFTER Macworld. Working on it.

Zero-day can mean either unknown to the vendor or simply no patch available:

http://en.wikipedia.org/wiki/Zero_day

January 11 2008 at 1:00 PM