Cell Phone Forums
»
Zero-day exploit in QuickTime could hit Win iTunes users
 |
|
|
LinkBack | Thread Tools | Display Modes |
|
#1
11-28-2007, 07:27 PM
|
||||
|
||||
|
Zero-day exploit in QuickTime could hit Win iTunes users
Filed under: Security
 Over the weekend, security researchers announced a vulnerability in QuickTime's handling of the RTSP streaming protocol, and Windows-only exploit code is already circulating. The flaw allows attackers to craft specially formatted RTSP responses that cause a buffer overflow, and as a result they can execute arbitrary code in the context of the logged-in user. Unfortunately, there are plenty of ways to get someone to click a malicious RTSP link, including sending it in email or including it on a website. While Symantec notes that IE and Safari for Windows appear to be resistant to the exploit code, opening a malicious RTSP link in current versions of Firefox or in QuickTime Player would allow the exploit to run.For now, there is no Mac version of the exploit (cold comfort to the millions of iTunes for Windows users); hopefully there will be a QuickTime security patch on both platforms before any additional exposure occurs. Rich Mogull at TidBITS has some helpful tips for securing your network, including blocking the RTSP protocol both at the firewall and for outbound connections via Little Snitch. [via TidBITS] Read | Permalink | Email this | Comments More...  
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Automatic translations delivered by NLP-er
Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
copyright phonetweaks.com 2008
Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
